Wesber.A is a Java 2 Micro Edition (J2ME) based Java Midlet that sends SMS messages to a specific phone number. Wesber does not contain any social engineering tricks. Wesber sends SMS messages to one specific number and thus it may cause financial losses to the user of the infected phone.
F-Secure Mobile Anti-Virus is capable of detecting and deleting the Wesber.A trojan. It is also possible to remove the Wesber.A trojan by uninstalling it with the Symbian application manager.
Prevent future infections with F-Secure Mobile Anti-Virus
Sending SMS Messages
Wesber.A contains a fixed phone number (1717) to which it will send SMS messages. The sending function of Wesber.A attempts to send the SMS message five times and then quits. Each of those messages will be charged to the user's account and each message requires the users approval.
Wesber.A is of Russian origin. The 1717 number that it dials is in service in Russia. If users in other locales install this trojan, then 1717 may or may not be a number in service.
The Trojan arrives in a .jar file, named 'pomoshnik.jar'. The .jar file also contains following images:
F-Secure Mobile Anti-Virus for Symbian detects this malware starting from the update
build number 108.
Detection Type: Symbian
Description Created: Mika Tolvanen, September 5, 2006
Technical Details: Mika Tolvanen, September 5, 2006
Description Last Modified: Sean Sullivan, November 6, 2006
SUBMIT A SAMPLE
Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis