Weekly Report on Viruses and Intruders – Trojan: RedBrowser.A
This week’s report looks at a peculiar Trojan: RedBrowser.A. This Trojan combines two trends that would seem to be establishing themselves in 2006: malicious code for cell phones and the malware-based business model.
As announced by PandaLabs in its reports on viral trends (available at www.pandasoftware.com/pandalabsreport), we are now witnessing a new trend in malicious codes. In place of traditional actions such as deleting files, hackers are out to get financial returns from their creations.
With this in mind, the creator of RedBrowser.A has designed an application that simulates access to WAP pages through free SMS messages. What really happens though is that a message is sent through the Short Message Service (SMS) to the number 1615. Sending a message to this number is charged at a premium-rate number in Russia, providing succulent returns for the service provider.
However, before sending the message, the user is asked for confirmation, thereby greatly reducing the potential danger of RedBowser.A. In addition, it is easy for users to recognize the Trojan, as it reaches the phone in a file normally called REDBROWSER.JAR, and displays an on-screen image.
Another clear example of the malware business model are the Nabload.BR and Banker.CDV Trojans. Nabload.BR is a Trojan which, avoiding the firewall in Windows XP, accesses the Internet without restrictions in order to take actions including downloading Banker.CDV. This password-stealing Trojan monitors whether users access web pages belonging to several online services, such as banks and mail services in English and German. In this way, it gets passwords, security data, information about the user and other confidential data. Then, it sends the information gathered to a certain web page.