Name :	Wesber.A
Category:	Trojan
Type:	Trojan
Platform:	Java
Origin:	RUSSIAN FEDERATION
Date of Discovery:	September 05, 2006

Wesber.A is a Java 2 Micro Edition (J2ME) based Java Midlet that sends SMS messages to a specific phone number. Wesber does not contain any social engineering tricks. Wesber sends SMS messages to one specific number and thus it may cause financial losses to the user of the infected phone.

F-Secure Mobile Anti-Virus is capable of detecting and deleting the Wesber.A trojan. It is also possible to remove the Wesber.A trojan by uninstalling it with the Symbian application manager.

Prevention

Prevent future infections with F-Secure Mobile Anti-Virus

Sending SMS Messages

Wesber.A contains a fixed phone number (1717) to which it will send SMS messages. The sending function of Wesber.A attempts to send the SMS message five times and then quits. Each of those messages will be charged to the user's account and each message requires the users approval.

Wesber.A is of Russian origin. The 1717 number that it dials is in service in Russia. If users in other locales install this trojan, then 1717 may or may not be a number in service.

The Trojan arrives in a .jar file, named 'pomoshnik.jar'. The .jar file also contains following images:

Detection

F-Secure Mobile Anti-Virus for Symbian detects this malware starting from the update build number 108.