First J2ME Trojan targets mass market handsets
Someone’s finally written the first known J2ME malware.
Read up on the details (including how to avoid infection or remove Redbrowser.A from an already infected mobile) from Symantec and McAfee.
I guess it was inevitable, but given the huge number of deployed devices as potential targets it’s amazing that it’s taken close to seven years for something as weak as Redbrowser to finally appear.
Well this isn’t really a big deal is it? Any MIDP2 application can use the WMA API to send messages, but the user either has to say YES to the messages asking them whether or not to allow this, or the application has been signed in a bogus fashion – unlikely given how complicated that is for a wide range of handsets!
Anybody can write malware for any system – whether it just wastes your time (and hence usually your money) or costs you money directly. An application that says “Watch this dot for 30 minutes and wait for the special number that will enable you to win $10,000”… with no info at the end could be called malware! I can write it today and get in the press 😉
The problem is that most people don’t understand the difference between malware/trojans and a virus. Many people reading this report will think that the application can actually spread itself, which from what I’ve read it cannot do.
In theory it could cause itself to spread by sending SMS messages to random (or not so random – using the phonebook API) numbers, to send WAP links to itself to other people’s handsets, and if they are naive enough they might download it. (Aside: is it possible to formulate a true WAP Push and send it using WMA to the WAP Push port? That would be more scary.)
Ultimately this is why MIDP2 has security, and you need to be prompted to allow SMS access, or verify the source of the application when it is installed just as you do on a PC.
The real problem is that it is easy to con people, and that is ubiquitous regardless of the kind of technology, be it J2ME, Windows or just somebody knocking on your front door.
Perhaps end users need better messages in the phones, spelling out what it could mean to allow network access, i.e. “THIS COULD COST YOU MONEY, MAKE SURE YOU TRUST WHAT THIS APPLICATION WILL DO!”
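The prompt-or-signature model this comment describes, as an added example (not code from the post, the commenters, or Redbrowser): a MIDP 2.0 MIDlet that declares the WMA send permission in its descriptor, asks the AMS what the security domain will allow, and treats a user refusal as a final answer. The destination number and message text are constructed placeholders.

```java
// Descriptor (JAD) lines such a MIDlet must carry (MIDP 2.0 / JSR 120):
//   MIDlet-Permissions: javax.wireless.messaging.sms.send
// An unsigned MIDlet runs in the untrusted domain, where this permission is
// user-granted: the phone prompts before a message leaves the handset and the
// user can refuse. Only a signed MIDlet placed in a trusted domain can receive
// it without prompting, which is why the prompt is the user's last line of defence.
import java.io.IOException;
import javax.microedition.io.Connector;
import javax.microedition.midlet.MIDlet;
import javax.microedition.midlet.MIDletStateChangeException;
import javax.wireless.messaging.MessageConnection;
import javax.wireless.messaging.TextMessage;

public class SmsPermissionDemo extends MIDlet {
    private static final String SMS_SEND_PERMISSION = "javax.wireless.messaging.sms.send";
    // Constructed placeholder; a real application takes this from the user, never hard-coded.
    private static final String DESTINATION = "sms://+15550000000";

    protected void startApp() throws MIDletStateChangeException {
        // MIDlet.checkPermission(): 1 = granted without a prompt (trusted, blanket),
        // 0 = denied by policy or by the user, -1 = undecided, the AMS will prompt on use.
        int status = checkPermission(SMS_SEND_PERMISSION);
        if (status == 0) {
            System.out.println("SMS sending is denied by the security policy; nothing sent.");
            notifyDestroyed();
            return;
        }
        MessageConnection conn = null;
        try {
            // For an untrusted MIDlet the "allow this application to send a message?"
            // prompt fires here or at send(); the user's answer, not the code, decides.
            conn = (MessageConnection) Connector.open(DESTINATION);
            TextMessage msg = (TextMessage) conn.newMessage(MessageConnection.TEXT_MESSAGE);
            msg.setPayloadText("permission demo");   // constructed sample text
            conn.send(msg);
            System.out.println("Message sent: the user or the policy allowed it.");
        } catch (SecurityException e) {
            // Raised when the user answers No or the domain forbids the send. A well-behaved
            // application stops here; re-prompting in a loop is what a nuisance MIDlet does.
            System.out.println("SMS send refused by user or policy: " + e.getMessage());
        } catch (IOException e) {
            System.out.println("Messaging connection failed: " + e.getMessage());
        } finally {
            if (conn != null) {
                try { conn.close(); } catch (IOException ignored) { }
            }
        }
        notifyDestroyed();
    }

    protected void pauseApp() { }
    protected void destroyApp(boolean unconditional) { }
}
```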
Is M.O.R.A. and the rest really right when they talk of a J2ME Trojan?
I have a different opinion on that at: http://www.jroller.com/page/jeddi?entry=j2me_trojan_redbrowser_are_you