View Single Post
Old 07-09-2009, 07:36 PM   #23 (permalink)
BBF Spam Killer Moderator
daphne's Avatar
Join Date: May 2007
Location: on a sunny beach
Model: Paspt
Carrier: VZW but not for long
Posts: 9,172
Post Thanks: 122
Thanked 149 Times in 118 Posts

For the J2ME/RedBrowser.a to work, the user would have to install it and allow it to run.

BlackBerry Advisory - J2ME/RedBrowser.a

A user must choose to download this program through their BlackBerry browser. The program purposes to allow for WAP browsing via SMS. In fact it tries to send SMS messages to premium numbers.

Note that on the BlackBerry the user will be prompted when the program attempts to send an SMS message and the user must authorize the transaction.

Knowledge Base article KB-04916

The McAfee advisory link:

This is NOT a BlackBerry vulnerability. The user must choose to download this un-trusted application and then must authorize the SMS connections that it attempts to make. The KB article discusses this and addresses some general mitigation strategies for an administrator.
The McAfee link says its a "proof of concept" trojan, meaning not used, but designed for testing.

Method of Infection -

This malware requires that the user intentionally install it upon the device. As always, users should never install unknown or un-trusted software. This is especially true for illegal software, such as cracked applicationsxxx8212;they are a favorite vector for malware infection.
A BES administrator could easily block and remove this.
Report spam text messages to 7726
#BlackBerry by choice

Last edited by daphne : 07-09-2009 at 07:38 PM.
Offline   Reply With Quote