Text Messaging Used as Malware Lure

By Ryan Naraine  |  Posted 2006-06-23 Print this article Print

Botnet herders have found a slick new way to hijack data from computer users for identity theft.

Botnet herders have found a crafty new way to lure computer users to maliciously rigged Web sites—via text messaging on cell phones.

The latest social engineering trick is to send SMS (short messaging service) alerts to mobile phones with a warning that the target has subscribed to an online dating service that racked up expensive charges on cell phone bills.
The message includes a URL for the user to unsubscribe to avoid the $2 per day charges.

According to a warning from anti-virus vendor CA, the URL points to a Web site rigged with Win32/Bambo.CF, a Trojan horse program used by identity thieves to hijack sensitive user information.

The fake dating Web site associated with the scam has been set to entice targets into entering the phone number. At this point, it attempts to load an executable file called "unregister.exe."

Interestingly, the Web page does not attempt to exploit any software flaws. Instead, the attacker provides step-by-step instructions to click the "Run" button on each warning page, providing an easy way around the Internet Explorer security warning prompt.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub. If the program is run, it installs the Trojan, CA said in its advisory.

At press time June 23, the malicious Web site was still active.

Websense Security Labs, a San Diego, Calif., malware research company, said the bot is a variant of Dumador, a back door that opens two ports and allows the computer to be remotely controlled by malicious hackers.

Dumador is controlled by a Web-based HTTP controller that is used to send commands to botnets. A botnet is a collection of hijacked computers used to send spam or launch distributed denial-of-service attacks.

While bots are mostly controlled by IRC (Internet Relay Chat) channels, researchers at Websense say Web-based controllers have become popular with bots that are used to capture and transmit keylogger information and to store user data.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel