Summary
Wesber.A is a Java 2 Micro Edition (J2ME) based Java Midlet that sends SMS messages to a specific phone number. Wesber does not contain any social engineering tricks. Wesber sends SMS messages to one specific number and thus it may cause financial losses to the user of the infected phone.
Disinfection & Removal
F-Secure Mobile Anti-Virus is capable of detecting and deleting the Wesber.A trojan. It is also possible to remove the Wesber.A trojan by uninstalling it with the Symbian application manager.
Prevention
Prevent future infections with F-Secure Mobile Anti-Virus
Technical Details
Sending SMS Messages
Wesber.A contains a fixed phone number (1717) to which it will send SMS messages. The sending function of Wesber.A attempts to send the SMS message five times and then quits. Each of those messages will be charged to the user's account and each message requires the users approval.
Wesber.A is of Russian origin. The 1717 number that it dials is in service in Russia. If users in other locales install this trojan, then 1717 may or may not be a number in service.
The Trojan arrives in a .jar file, named 'pomoshnik.jar'. The .jar file also contains following images:
Detection
F-Secure Mobile Anti-Virus for Symbian detects this malware starting from the update
build number 108.
Detection Type: Symbian
Database: 108
Description Created: 2006-09-05 13:45:31.0
Technical Details: Mika Tolvanen, September 5, 2006
Description Last Modified: 2006-09-05 15:27:04.0
Submit a sample
Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)
F-Secure Community
Give advice. Get advice. Share the knowledge on our free discussion forum.