View Single Post
Old 07-09-2009, 06:36 PM   #23 (permalink)
daphne
BBF Spam Killer Moderator
 
daphne's Avatar
 
Join Date: May 2007
Location: on a sunny beach
Model: Z30
OS: 10.2.1.12
PIN: X1ZPY34K
Carrier: VZW
Posts: 9,169
Post Thanks: 122
Thanked 146 Times in 116 Posts
Default

For the J2ME/RedBrowser.a to work, the user would have to install it and allow it to run.

BlackBerry Advisory - J2ME/RedBrowser.a

Quote:
A user must choose to download this program through their BlackBerry browser. The program purposes to allow for WAP browsing via SMS. In fact it tries to send SMS messages to premium numbers.

Note that on the BlackBerry the user will be prompted when the program attempts to send an SMS message and the user must authorize the transaction.

Knowledge Base article KB-04916 http://www.blackberry.com/knowledgec...nodeId=1199859

The McAfee advisory link:
J2ME/RedBrowser.a

This is NOT a BlackBerry vulnerability. The user must choose to download this un-trusted application and then must authorize the SMS connections that it attempts to make. The KB article discusses this and addresses some general mitigation strategies for an administrator.
The McAfee link says its a "proof of concept" trojan, meaning not used, but designed for testing.

Also
Quote:
Method of Infection -

This malware requires that the user intentionally install it upon the device. As always, users should never install unknown or un-trusted software. This is especially true for illegal software, such as cracked applicationsxxx8212;they are a favorite vector for malware infection.
A BES administrator could easily block and remove this.
__________________
Report spam text messages to 7726
#BlackBerry by choice #BlacBerry 10 is here!

Last edited by daphne : 07-09-2009 at 06:38 PM.
Offline   Reply With Quote