For the J2ME/RedBrowser.a to work, the user would have to install it and allow it to run.
A user must choose to download this program through their BlackBerry browser. The program purposes to allow for WAP browsing via SMS. In fact it tries to send SMS messages to premium numbers.
Note that on the BlackBerry the user will be prompted when the program attempts to send an SMS message and the user must authorize the transaction.
Knowledge Base article KB-04916 http://www.blackberry.com/knowledgec...nodeId=1199859
The McAfee advisory link:
This is NOT a BlackBerry vulnerability. The user must choose to download this un-trusted application and then must authorize the SMS connections that it attempts to make. The KB article discusses this and addresses some general mitigation strategies for an administrator.
The McAfee link says its a "proof of concept" trojan, meaning not used, but designed for testing.
Method of Infection -
This malware requires that the user intentionally install it upon the device. As always, users should never install unknown or un-trusted software. This is especially true for illegal software, such as cracked applicationsxxx8212;they are a favorite vector for malware infection.
A BES administrator could easily block and remove this.