F-Secure Trojan Information Pages: Wesber.A

Main Index

Security Guide

F-Secure World Map

Security Alerts

Virus Statistics

Malware Removal Tools

Malware Code Glossary

Submit Malware Sample

Select local site

Main Index » Security Centre » Descriptions

F-Secure Trojan Information Pages: Wesber.A

[Summary] \| [Disinfection] \| [Detailed Description] \| [Detection]
Name :	Wesber.A
Alias:	Trojan-SMS.J2ME.Wesber.a
Type:	Trojan
Category:	Trojan
Platform:	Java
Origin:	RUSSIAN FEDERATION
Date of Discovery:	September 05, 2006

Radar

Summary

Wesber.A is a Java 2 Micro Edition (J2ME) based Java Midlet that sends SMS messages to a specific phone number.

Wesber does not contain any social engineering tricks. Wesber sends SMS messages to one specific number and thus it may cause financial losses to the user of the infected phone.

Back to the Top

Disinfection

F-Secure Mobile Anti-Virus is capable of detecting and deleting the Wesber.A trojan. It is also possible to remove the Wesber.A trojan by uninstalling it with the Symbian application manager.

To prevent future infections, please download F-Secure Mobile Anti-Virus from: http://f-secure. mobi.

Back to the Top

Detailed Description

Sending SMS Messages

Wesber.A contains a fixed phone number (1717) to which it will send SMS messages. The sending function of Wesber.A attempts to send the SMS message five times and then quits. Each of those messages will be charged to the user's account and each message requires the users approval.

Wesber.A is of Russian origin. The 1717 number that it dials is in service in Russia. If users in other locales install this trojan, then 1717 may or may not be a number in service.

The Trojan arrives in a .jar file, named 'pomoshnik.jar'.

The .jar file also contains following images:

Back to the Top

Detection

F-Secure Mobile Anti-Virus for Symbian detects this malware starting from the update build number 108.

Back to the Top

F-Secure Corporation

Last Modified: September 05, 2006