J2ME/Boxer
- Type: Trojan
- SubType: PDA Device
- Discovery Date: 07/02/2009
- Length: 8,292 bytes
- Minimum DAT: 5665 (07/03/2009)
- Updated DAT: 5665 (07/03/2009)
- Minimum Engine: 5.3.00
- Description Added: 07/02/2009
- Description Modified: 07/02/2009 7:42 AM (PT)
Characteristics
J2ME/Boxer is distributed in a JAR file named "foto.jar". It sends SMS messages to preset numbers. Both the number and the message contents are stored in encrypted form in the file inf.dat, which is read at runtime. An alert is displayed to the user when J2ME/Boxer attempts to send an SMS message.

Fig 1 - The user must authorize the sending of SMS messages

The inf.dat file is encrypted with a simple XOR algorithm and contains the following:

7122 vis 10199|7132 vis 10199|8355 vis 10199|8355 vis 10199|7132 vis 10199|8355 vis 10199|

The data is a list of entries in the format "<SMS short code> <SMS message body>", separated by a "|" character. J2ME/Boxer will attempt to send each message listed in the inf.dat file.

Fig 2 - Log entries showing SMS messages sent by J2ME/Boxer
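An added example (not McAfee's tooling and not code from the sample): a triage sketch that recovers an XOR-obfuscated inf.dat by testing each candidate key against the record format described above. It assumes a single-byte key, since the write-up gives neither the key nor its length; the sample blob is constructed from the decoded contents quoted above with a made-up key, and all function names are hypothetical.

```python
import re
from collections import Counter

# Record grammar from the write-up: "<short code> <message body>|", repeated.
# Body = printable ASCII except the "|" separator.
RECORD = re.compile(rb"(\d{3,6}) ([\x20-\x7b\x7d\x7e]+)\|")
WHOLE = re.compile(rb"(?:\d{3,6} [\x20-\x7b\x7d\x7e]+\|)+")


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key (assumed scheme, see lead-in)."""
    return bytes(b ^ key for b in data)


def recover_config(blob: bytes):
    """Try all 256 keys; keep those whose output is entirely valid records.

    Returns a list of (key, [(short_code, body), ...]) candidates.
    """
    candidates = []
    for key in range(256):
        plain = xor_bytes(blob, key)
        if WHOLE.fullmatch(plain):
            records = [(m.group(1).decode(), m.group(2).decode())
                       for m in RECORD.finditer(plain)]
            candidates.append((key, records))
    return candidates


def destinations(records):
    """Count sends per short code, e.g. to compare with a handset's SMS log."""
    return Counter(code for code, _ in records)


# Constructed sample: the decoded contents quoted in the write-up, re-obfuscated
# with a made-up key (0x5A). This is not the real inf.dat or the real key.
DECODED = (b"7122 vis 10199|7132 vis 10199|8355 vis 10199|"
           b"8355 vis 10199|7132 vis 10199|8355 vis 10199|")
SAMPLE_BLOB = xor_bytes(DECODED, 0x5A)

if __name__ == "__main__":
    for key, records in recover_config(SAMPLE_BLOB):
        print(f"key=0x{key:02x}")
        for code, count in sorted(destinations(records).items()):
            print(f"  short code {code}: {count} message(s)")
```

Because every record must contain a literal space and end in "|", only one single-byte key can satisfy the grammar, so a single candidate is a strong signal that the assumed scheme is right.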

Symptoms
Attempts to send SMS messages to preset numbers.
Method of Infection
This malware requires that the user intentionally install it on the device. As always, users should never install unknown or untrusted software. This is especially true for illegal software, such as cracked applications; they are a favorite vector for malware infection.
Removal
-
Variants
N/A
Overview
J2ME/Boxer is a trojan which sends SMS messages to premium rate numbers.
Aliases
- Trojan-SMS.J2ME.Boxer.i (F-Secure)
- Trojan:Java/Boxer.A (Microsoft)