Thinking of sending an MMS message to a loved one?  Think twice before downloading mobile applications that promise just that. With all the hoopla that this love month already has going on, obviously malware authors are joining in on the bandwagon. Instead of making someone’s day, you might have unknowingly been victimized by an SMS Trojan that poses as an MMS application.  

We came across a downloadable file named ‘love_mms.rar’ (c0974da6494118324b1eb2ba4ae47a96a8e3b6c1) that contains aa JAR installer named ‘jimm2010.jar’ (40175bc9057fb8a0ce4fa09b6daa491bfa6051db, that we detect as Trojan:Java/Jifake.A) and several pictures with Russian file names related to Valentine’s Day. This file is available for download from certain websites and may be targeting subscribers on Russin mobile network.  Examples of the image files included in the archive are:

Figure 1, 2, and 3: The teddy bear says “I miss you”, and the hedgehog says “My heart is yours”.

If the user clicked on the installer, then while the user is busy sending these images, the code in the installer sends SMS messages to a Russian premium SMS short code number, which can charge the user without his or her knowledge. Note that the JAR installer runs on any mobile platform that supports Java, such as Symbian and Windows CE operating systems

So before you send in those love greetings, be aware that malware authors are also doing their best to cash in on unsuspecting mobile users.  Just be sure that you get those pictures from reliable resources and not bundled with some shady application to enjoy a worry free Heart’s Day!

Marianne Mallen
MMPC Dublin Lab