We've been trying to murder a (UK-based) GS III here at Engadget, but with no luck as yet -- we can cause the malicious digits to appear in the dialer, but we can't force the stock browser to visit them as a URL, even when trying a bit of URL forwarding and QR code trickery.
ENGADGET: 'Dirty USSD' code could automatically wipe your Samsung TouchWiz device (updated)