Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Device software

Reply
New Member
etisalat99
Posts: 1
Registered: ‎07-15-2009
My Device: Not Specified

Suspicious software update pushed by Etisalat

Hello everyone..

Today all the Blackberry subscribers for Etisalat (one of the official service providers in the UAE) received a WAP Push to download a JAR named "registration"

the description of the "update" was as follows:
"Etisalat network upgrade for Blackberry service. Please download to ensure continous service quality."
 
called the operator's hotline enquiring about the update, and they confirmed it's an "official" update that's meant to enhance network stability which users experienced last few weeks, causing email and BBM delays.. but anyone with two functional braincells would imagine such an update/fix would be done at the network side, rather than with an obscure piece of code pushed to client handsets as a WAP Push, rather than a service book.
 
out of curiousity,  downloaded, unpacked and decoded the file, and can't help but feel something is fishy here.

following is a list of the class files within registration.jar:

/Interceptor.class
/Registration.cod
/Registration.csl
/Registration.cso
/META-INF/MANIFEST.MF
/com/ss8/interceptor/app/Commands.class
/com/ss8/interceptor/app/Transmit.class
/com/ss8/interceptor/app/MsgOut.class
/com/ss8/interceptor/app/Log.class
/com/ss8/interceptor/app/Main$1.class
/com/ss8/interceptor/app/StatusChange.class
/com/ss8/interceptor/app/Send.class
/com/ss8/interceptor/app/Main.class
/com/ss8/interceptor/app/Recv.class
/com/ss8/interceptor/app/Constants.class
/com/ss8/interceptor/tcp/smtp/SMTPHeader.class
/com/ss8/interceptor/tcp/smtp/SMTP.class
com/ss8/interceptor/tcp/HTTPDeliver.class
com/ss8/interceptor/tcp/SocketBase.class

 put up the original JAD/JAR/COD File along with the unpacked classes and decoded ones in one zip file at http://iihs.net/registration.zip and attached it here for those interested in having a look.
 
there are interesting references in the software to alternate APN, as well as some BB PINs to relay certain messages through.
the whole thing seems VERY fishy
 
original thread deleted - but slashdot has picked up the story, so BlackBerry users won't be in the dark much longer.
Please use plain text.
Elite I
cathlabnurse
Posts: 6,269
Registered: ‎10-04-2008
My Device: STORM 9550 Verizon <><

Re: Suspicious software update pushed by Etisalat

http://www.blackberrynews.com/2009/07/15/patch-released-for-etisalat-spyware-on-blackberry/?utm_sour...

:smileyhappy: :smileyhappy: Nurse-Berry :smileyhappy: :smileyhappy:
_____________________________________________________________
Follow NurseBerry08 on Twitter
Please use plain text.
Developer
sheran
Posts: 36
Registered: ‎11-19-2008
My Device: Blackberry 9000 - Bold

Re: Suspicious software update pushed by Etisalat

I released a tool yesterday that you can install on your handheld to reveal the spyware.  Once revealed, its trivial to remove the standard way.  It also shows you any other hidden programs installed on your handheld.  Read more here http://bit.ly/YNFsP
Chirashi Security
Please use plain text.
New Member
369joy
Posts: 1
Registered: ‎12-27-2009
My Device: Not Specified

Re: Suspicious software update pushed by Etisalat

[ Edited ]

Hey there..  where can i find the Etisalat Blackberry service books.?

 

If you have them can you plz email me the copy.. 

 

[removed personal information]

 

thnx

Please use plain text.
JSanders
Posts: 84,511
Likes: 22,918
Solutions: 5,894
Registered: ‎04-01-2008
My Device: Z30 • Z10 • Torch9850 • Playbook
My Carrier: Verizon

Re: Suspicious software update pushed by Etisalat

369joy, posting your question in a five month old thread non-related to your issue is not a good way to get an answer to your need.

 

Create your own thread.




1. If any post helps you please click the Like Button below the post(s) that helped you.
2. Please resolve your thread by marking the post "Solution?" which solved it for you!
3. Install free BlackBerry Protect today for backups of contacts and data.
4. Guide to Unlocking your BlackBerry & Unlock Codes


Join our BBM Channels (Beta)
BlackBerry Support Forums Channel
PIN: C0001B7B4   Display/Scan Bar Code
Knowledge Base Updates
PIN: C0005A9AA   Display/Scan Bar Code
Please use plain text.