NEWS FROM THE LAB - Tuesday, February 28, 2006

More on RedBrowser

Posted by Mikko @ 19:15 GMT

The RedBrowser trojan is unique in several ways:

1. First J2ME (Java 2 Mobile Edition) malware. Some old Java viruses like Strangebrew do work on some Java phones, but RedBrowser is the first malware targeting Java phones on purpose.

2. First mobile malware that tries to steal money. The threat is still very limited: this thing does not spread by itself and we have no direct reports of anybody being hit by it in Russia (where the first reports were from).

3. All other mobile malware targets smartphones (running on Symbian, Palm or PocketPC). This one works on many low-end closed phones. We've successfully tested it under:
  Nokia 9300 (Communicator, running Symbian Series 80)
  Nokia 6630 (Symbian S60 smartphone)
  Nokia 5140i (low-end Series 40 phone)
We've also heard it works under Blackberries with J2ME support. We will be testing it with the Nokia 6310i - one of the first phones with Java support.

These screenshots taken under Nokia 6630 show how the social engineering works:


The trojan always sends the messages to number 1615, which seems to be a generic premium-rate number in Russia, used by several different services.