Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Wesber.A


Discovered:
Aliases:


2006-09-05 13:47:26.0
Trojan-SMS.J2ME.Wesber.a

Malware
Trojan
Java

Summary

Wesber.A is a Java 2 Micro Edition (J2ME) based Java Midlet that sends SMS messages to a specific phone number. Wesber does not contain any social engineering tricks. Wesber sends SMS messages to one specific number and thus it may cause financial losses to the user of the infected phone.



Disinfection & Removal

F-Secure Mobile Anti-Virus is capable of detecting and deleting the Wesber.A trojan. It is also possible to remove the Wesber.A trojan by uninstalling it with the Symbian application manager.


Prevention

Prevent future infections with F-Secure Mobile Anti-Virus



Technical Details


Sending SMS Messages

Wesber.A contains a fixed phone number (1717) to which it will send SMS messages. The sending function of Wesber.A attempts to send the SMS message five times and then quits. Each of those messages will be charged to the user's account and each message requires the users approval.

Wesber.A is of Russian origin. The 1717 number that it dials is in service in Russia. If users in other locales install this trojan, then 1717 may or may not be a number in service.

The Trojan arrives in a .jar file, named 'pomoshnik.jar'. The .jar file also contains following images:



Detection

F-Secure Mobile Anti-Virus for Symbian detects this malware starting from the update build number 108.

Detection Type: Symbian
Database: 108



Description Created: 2006-09-05 13:45:31.0
Technical Details: Mika Tolvanen, September 5, 2006
Description Last Modified: 2006-09-05 15:27:04.0



Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Scan and clean your PC




F-Secure Online Scanner will scan and clean your PC in just a few minutes for free

Disinfect your PC




F-Secure Anti-Virus will disinfect your PC and remove all harmful files