February 28, 2006 1:21 PM PST

Russian phone Trojan tries to ring up charges

Antivirus companies are warning of new malicious software that can infect any cell phone capable of running Java applications, not just feature-rich smart phones.

The Trojan horse was first spotted by Moscow-based Kaspersky Lab, which calls it RedBrowser. The malicious code poses as an application that promises people the ability to visit mobile Internet sites using text messages instead of an actual Net connection, Kaspersky said in a statement Tuesday.

Instead, the Trojan sends messages to certain premium rate numbers that charge between $5 and $6 per message, Kaspersky said. That could drive up the text message bill for mobile phone users in Russia on the Beeline, MTS and Megafon networks.

So far, Kaspersky has received only one sample of RedBrowser. It is a proof-of-concept Trojan and has not actually infected any handsets in the wild.

"However, other versions of RedBrowser, or similar programs, may well be circulating on the Internet," Kaspersky said. "RedBrowser is a sign that virus writers are extending their reach and no longer only targeting smart phones."

Other experts agreed, pointing out that previous cell phone pests targeted mostly smart phones.

Related coverage
Is your cell phone due for an antivirus shot?
Security and wireless industries disagree about how to fend off emerging threat.

"The (RedBrowser) threat itself is low risk and very specific to the Russian market, but it is an important proof of concept in the mobile space," a McAfee representative said in a statement. "It is the first threat aimed at feature phones using Java and therefore independent of either the Symbian or Microsoft operating systems for mobile phones."

The Trojan is a Java application, a JAR format archive. The file, called "redbrowser.jar", can be downloaded to the handset from the Internet, via Bluetooth or a PC link, Kaspersky said. The file can easily be removed from a phone using the standard application removal utilities.

Mobile phone users should be careful not to download or launch unknown programs, antivirus companies suggested.

See more CNET content tagged:
Kaspersky Lab, Java application, smart phone, trojan horse, malicious software

4 comments

Join the conversation!
Add your comment
You can't scam an Honest Person.
This goes to prove an old adage: You can't scam an honest person.

Gee, I wander what all these thieves thought they would get with a program that promises to let them steal internet service from their phone companies, for FREE.

Anyone that would be infected with this, deserves it.
Posted by kamwmail-cnet1 (292 comments )
Reply Link Flag
Not really independent
<<independent of either the Symbian or Microsoft operating systems for mobile phones.>>

Not really. Not really at all. What it means, is that the virus is dependent upon a Java implementation. Symbian ships with Java. Last I heard, Windows Mobile does not.
Posted by David Arbogast (1709 comments )
Reply Link Flag
Software is the problem right
Software is the problem right

I read the article and the comments. Software is the problem. No one is talking about finding a way of keeping the software offline or protected by a moat. All we hear is firewall which is busted before it is implemented. Think folks that if you keep hitting your head up against the sall wall, that might be the cause of your headache. That's what I think. Ciao now.
Posted by Iohagh (54 comments )
Link Flag
Free PR for security companies
Proof of concept trojan is being used to demonstrate the
importance of anti-viruses for mobile users and operators:-) If
you read the article carefully it explains that the trojan is
supposed to send premium sms. Anyone who knows how
content providers work with cellular operators may imagine what
operator may do to such a content provider who is using trojans
to fake users;-)) The simple disconnect of the SMS numbers
used by trojans is the less harmful thing, followed by the action
in the court. All this story is a cheap PR of security companies
trying to find other markets;-) Please don't treat readers so
stupid. And don't blow the hype.

One another thing: I was always respect News.com for good
news coverage. I just anticipate that News.com should sorta
analyse the news before re-publishing.
Posted by vitg123 (2 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.