Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Text Messaging Used as Malware Lure



 By: Ryan Naraine
2006-06-23
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Botnet herders have found a slick new way to hijack data from computer users for identity theft.

Botnet herders have found a crafty new way to lure computer users to maliciously rigged Web sites—via text messaging on cell phones.

The latest social engineering trick is to send SMS (short messaging service) alerts to mobile phones with a warning that the target has subscribed to an online dating service that racked up expensive charges on cell phone bills.

The message includes a URL for the user to unsubscribe to avoid the $2 per day charges.

According to a warning from anti-virus vendor CA, the URL points to a Web site rigged with Win32/Bambo.CF, a Trojan horse program used by identity thieves to hijack sensitive user information.

The fake dating Web site associated with the scam has been set to entice targets into entering the phone number. At this point, it attempts to load an executable file called "unregister.exe."

Resource Library:

Interestingly, the Web page does not attempt to exploit any software flaws. Instead, the attacker provides step-by-step instructions to click the "Run" button on each warning page, providing an easy way around the Internet Explorer security warning prompt.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

If the program is run, it installs the Trojan, CA said in its advisory.

At press time June 23, the malicious Web site was still active.

Websense Security Labs, a San Diego, Calif., malware research company, said the bot is a variant of Dumador, a back door that opens two ports and allows the computer to be remotely controlled by malicious hackers.

Dumador is controlled by a Web-based HTTP controller that is used to send commands to botnets.

A botnet is a collection of hijacked computers used to send spam or launch distributed denial-of-service attacks.

While bots are mostly controlled by IRC (Internet Relay Chat) channels, researchers at Websense say Web-based controllers have become popular with bots that are used to capture and transmit keylogger information and to store user data.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.





  Reader Comments: Text Messaging Used as Malware Lure
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}kS㸶j&sнc tMva잺U)V 3w7޵$IfiK^KKKK?y$3G3L{LcfQ;uOuޙ%w6{&R(-GgP+N-w5 E]0eFNv@\}@^sFwD%x_'Щѩ&€wɄIPؕͩ6}^~lv .pѶ ⌲Qm_Qk$Ё_ ܢ%y}RpDRB@Te$oQX}؁P=2tS6B x X^P~FD;5{N5yЀ`V黖6'CoAUVekV:6^ ;4r9Fȹ3z$aPrN7w#25IRZ@[ 4ԘHeCc`Ww,ǃɩT* TjQ3#mjZ35k-3GؾQ̀A3E5L_C($fҀ8#/׌<{e6O(L|@ɠiģF/˚7h42ۼMYnT\BX-UR~/^ߛiLTeם[ѾkPQTP.:9([p nkZT0督n{'Owy@ΰ{A~Aw" DT-JR,LDCaOlx:~HsxT㍒~wjy%R/ՋjA=P$ځf1S$!XI#F/XPGb9򳩥}o_]^uzmo^u'H>߉ecby1(ժ=TRJg!=ޙ:WKqGNWs!)|vf!5 0\68jo~/xSQ&ںa#j庤#1t=lIo]^uHN,ɿNgپBd}#$7WReQ oȱo>0@|Ӡd8[r, ߱n\S;G`hoX ^YK70Sh_3;j\K}0[#RFp &JpJq䰉cYSl \捇oBiOd$e ,}PYtBFͨ8 . If0;A0<^f/_\D 1 p1S{".S4epv~ZnV͉*YX]uUjZlY?iKsq__I{vǫ # EHYf7-vI0ꨦV+t ?Jjj%xPW 8ʍ??1m!S[ö@ .i3+k~L>:mNRm)5ٴ1l;4d}t>჆(>hhƋMriOLrӇtu@{ͣn]='tfo7,Abχ@a`N6rjLP"iAЂMx>tTێ]6}l2w9;-(;hk =`D+wCPb(=բ!Tgf,Zz] X.s 6Gv64-03RN\Q@Ǣ dQJ$@!"-i]NP@Ar6< -8,rr8ޑvR.%rP˛nOq$9cgڹ&,R,ЂW-Kᗄtfh(L=?뺾j1!G,D`v9r,L.[ ϴ6JԍyRpJ >Ф7= K9ܺyge,@X%\EwTt t?{\ g7!v<9%st0h3VhL( ./| `0'펮S95mX0NL}B"+p5(Bk?fx Q&=6=g\2'4P%~Kؠ9A7ÚLCV+ow; =1q ؇CUT3_I<2pGҶLoj@>|zS.z8 9r!M5kb$`CfO q^i.;[Lg˺z+fYX]۽/ 7ryO4 m{24@0ٖk_Xt jQVt0:T em:bZGJG!1~h/a2(_Opw{{j@_ܰ큡KQ"'G&,-s V+^Ϛe+ L 24`? DlVCax9ZzG As,\OD .>v G #p:H%2ĂN?1& [BUjJb3}Ä끄_ƅ/Љc`{:ߛ CǚO]Sa綠.J-&jFh>j GC1ɉV*a0؋TMk<͝tmļRF_@iTWʅĨ'Q?{2,exY΁5mIr'j3s\}ZJ,89!Ro5> U4 đMTb0vQغ;(12qŝa&?@&R)Ö1SghiG[T&j/AbPI}&Xk5F><}"}qVx@ Ez .҈ ZsgD(rHUX#U鬢cKQ0SKm{hAy-X\>(Dtl?`"!>}ڣnssQ*/s73g T|OfZV,֪16DZV\=()j{}|3??=ehČR8pF#}y _P݉h?' vo?SM \js>#.S+ #.# ,c`2$hWX/IZ`L 'L)n0LW&K.(ۉk=ibgH58Aqs;OM*?R'%:"pwCTEeԻ5ebՈ=G:`BEWFڬ,pZv/iYOS)%Vt u| `_snM<=K$ XFj} ZQa/Y+> ) L40Ȑ%=Gl3۩x]܁c2P=H(T\g7cME]ac6U{zn&)Zڝ/GGvhTJ噛>67=Od[̌<9A7V"=_g`%sQl x@̬m#u3m97a~Y-0>OX Fb&T~\zYRglס3/n22󓫻玾V/X#1\APB!lj̕em6~z&zi0bw)n<0{L3gJ>6 inUrd2~6(Z`E'8wD1$5۝6,1y$ z9pY(*"5@Z_AҰg /3_5u_f&קnu$ 0jyH1kTrHU m{\ cw=UL]qTYf)(k@q΀4OxZT+EZz,jJ@BD|dEkwiŏ[oȧ5rvݏG>+*~%եGQu|b*ŪR.$yVp8{\T!n?mVVW`j-^2۹i n.D[ 4˷ʨK^͖K%4e3/ -9@X<y}bhaL%Q;k]Ah1secfaI3N9`{IO$# J3dVVZ]@ש5I-֊R{̡=2f{cі$}/\FI'sSf﹮ utDoSwg4cć) sgCRRHwضZVr?'DMÀ1ZRQ"Y@rrZRU+ ePxt|{W !i*6ǷWXOdK!MWF@"'! M+73,`jbU\[FDssbh^fzwoz o@/I6&YUihj/O0ƙ0o9mw>4{>{q O>*u.'R͏.0oR=; J@c$=ĸڐ}dvlw.>HW6Yx0\m6<԰6M" FW5CuW0E)y,ݫ'^t&֒}UYxr!qa'lSϝ/AĚ_f?!|F<A(5@+JFwzgщ{mE b#ADrIGzRFijQʼn/`Ec1:}Qt":H/R~C<B<_dxD %BY{pң3YJ긵vqa~:)}Agm9˙@ҴN/ Í7"tSO+ԛ}21 &r֚Sd[D {BY~TwJd:$-zbeQfIl?eRJɔ&]J؏ z>SB&T5˓$-+I^O Eq ie*ʒ*~ j'1ۡX#ґ֛].6G8 (OLkrisy/Psa%1sgKe  KQk Q,TH>b)-#*VjRZ-.*$;ӒstH1#q vϓ;~\[ܕ𣉣S99Xa8: ˳0q1~<,?4f89n+Һ?1L۠_ |1$?[0;#|&~>xFM{@uS棏g ڝ9krİy}l{25[hؕv{vO r4]9hngUcf;I2ӱ$BEͫ*ʾ\EVdΜtѓ dx|t2(o9P2QtI JG3[g̞x~K7bc8w@?'wUGGpSxw6{eeQJW=q-@kjyJ\r}u?.r`\TkzH^8Xڽ] uUmq5Oyc~‡i4&Kmm` \'79T|]sw\r^ZY3?x"z6O0l)}2ձ{Sr]ع|ψF{0jjz$Sb`R,Q(HAʛFӎ7֊[lvvn h-l0`x2QR7ޢ;3 F3S]͎`줋o@  o&.[,:,̰)!S^;-fOV#Mc_*nyg38c:&.ʾ0P(V,aYfj1[zREdJf:+qMIlj̳&E%KR$]q$q/k{ ܂0K`􅛧rbj")dcHH,$sb@'KY!ɤɨvy2T6f)Zs42H||n 1C0˚E``]{'v,Wc\@hrbrR/?/:]gE z&*bdi'BbT BiՠS"a-*ҍM>R(sn-rwdAIY/*N^?|}:O{o{2TahB[RK}f2C:tt>ﰐ` &A`r^3h5@X$l HM4WF/QEN$^V1HKE-H`dInKߛJꂝ1ҕs~ޓp 2GJ,-@ 0ȾrT2xQѰzޭnJDx~l\zfZP Rb%`:H@`L^xP^O*M  k[p_4lꉻDף瀜f>E vR^ -H%7@h!~+kyuD4 Zؔ\O'Wkx*[S`Q͟0;YX̗/j\[dG" O9K$(zŐё6r)#7±R.]^U ݯ-+R|g7W/]3(_S! V SMv 彷-[j):X)\зhZ6ё %^— i,ÿyya&*`%7Ϧ}>CG@l0U7@]lӾr[=}ڕ0eś33Zá9d a^y66"Dl֯lH*՗"O5 Δy & ng1qC`8eHjQ)5Ӊ#PImDP1( u+FR!d4:GIO!K****|B^*^p=sP#x(-ޮΖ@R+:!5kςUfOtY<6.,`+Y?lF<K JY3fWKǰ8x@Ek~Oċ0'~q=h3t3qFGG|7Z=XRx+f+ӿEP]/{!x4=cmnZk{$Z`ΜG^kbU*8Robئ؝, :y.6÷I8ܬZ7X$_BO..ޮcbjApxYO'|O/En/6_*KOp\dI'y{@dm?^-Y?`C䷿T}d1Vsd2QaBq'dN] 4;8q'%j~h!W:&8-Rx )PSo]x?1 (ǝ@ @KY~!z^)awǶz3PFc`j8BXk\{$5d_M ,މaM.)ȁ.E#TVg`*Dz'NtfaE*ǹaX%'0-gܕŤ=BH 4~AX^qS3"e6#eT[QS]Z[Ԓ3h!@ BrXD Ň^w "Kqby3M5kiaRð1f f(xѴ B*]sN GUs\: G ]N1xy[Ò+5&L8RE(*Io$TC(B-r(M` V~Ũt?YM13цX50~fDZGav̈́󄾋7Zz]L757:Q)rsٷ\'7'E[TvXϚ2Cmj|)5,\ :\πJ*jA4`}"iR$24̮VV@-JR;pC; }W}yJM-TZIܣz l"nRRF>7\=`zҧEPP.(6zzϵ[ʃ(l@̵pr cUn4ݵXuKk qLnb : Hm#nAµmLz:5rLDnx&-Sý,&HPjߙc G^m.9S#=aXYrRfsp&Yq(oks!=څ]`aiL &&蜜jfMNj\o`\adz /'}& )<]С {Ꞣߒ_q48ڀkcEl~E:xd»;6ȝ>>B&s'؏pS;B΀௅nX{+$ʽOg-<-bWld"$@ޑ_پi?"=:g};kzxX2 嵉DGknnD|F!@nj ρOe> (]Axi3 Bx7t'l9e>q0S/{φ\n\h:L8!i oFEP/1Qݹ ?1! g@6L-ǡaIAX#hBGH[~cMNsxXm!a]q9SۈX 9Q",>5L[f/\#!o# KmE{Ss9z!Kqyy/5?+D:ƨ; (`E7@-G,(ωB5D*%n67PFWͬ0SL\Xej xpƧxm 6(? m6d5KqfldaQZ(G71<Tg0Y0غ9PūA~gu|^"_ӄ\I \QY / Ij W{uGSISʵ?s;./>iv{GW~{Ag^~>\/:\@c~/晶xQ(;KFYufvʌTNc.ͅdUh,Y284dG_1}4eΟ~D0/* F8[NOA~؊km8Gj|q3_.9r Χ^;Jc>4rUMo )n}>E; MjV}QuxQ?f f_APj+ ݌rcq;ʏ֗~N2!z}i'AS(?(#3a~/2".`.2 f ! _2>.ˌ~2eeϠ_˯3*}'ߧ @MV9M@7d_RIRV.qv%sQ^53\y~)P'u(ϐgg z22ϕbόW ~>{'sg#Q8^a(芪g-U兗fZk Ǹju16 4xW /ByeoRI: A)A. 3l?V\[[,Oнۺ{ gBݓs+z`~J\Yd}+|UnE+tjq&R<#s"qDZJ96baOd_ U͉(s#h0 .Ñp[x剹?|k2xwI0?xOb*9n }9 #p}uӚܴO8ŭhg?>/ydֺWWV5WlNA6KEҾM^?;}u:\>C{6m'K }MoNDVN)pB ^a%ɠ1zI\M ;wctMPZjкU4pGn ~1-cH$ΆR% J\~ܑN {D0*+P#}a`J^.U&K=3 .mM3_ & 5ϡ'N"3qC>&J D )xxkm4DR{_DmBrPռD<'um

CqncOaitG2WZoT($tPYzt<&~ł)#,|HTPsHO-N-ONk&c Sچqrf[W1^{3 E3$ư4}%J!+KE-F{W3v,=GIjg_5 BF3q< Y8V"czG-Ŵz LJ @BoY%:oqj[i>f[BI<`5_x|XqE*9"ao )@A uXqKNvޒێƾ( ;F~؎BOwK{ ,AP6N>L#]A>XfeMc0ŬBCh=)P?'[nG\k<>aiES0c<z@n0$ /-ix]E1F2z d|*_Odxƪ~axx=F=gsxM0IS`i/Bs^n ")1<&oEc ?dtK&bSpQ@ l_ѮB`vlPP`Oՙz&0lB e ȡ(lyJ͜GċOW<2JP'j|Vw(̝ -ӟ~H׶QĶ`:Vږ*zYD1e~}=3Ӳg(q",@zqwx3AEWk,^reXջ$'Ps::hՆG0^qYSl@ sxS b Gm;qSrM9QmQ--N?X71Ȟ|N4u ۲|ږa=rk`cΜ U  =[=܋;}#\:1F`]cc lI12#, $8jVI;;a0&iE-㨤t`C v_Ή~ph[ cL ;fcXJ ,oԛN*)Asa#"- sK29),#ǝTS>(zo.^S {e75wHS#z.fI|Ԃ!4gnh]1fzBO .\W654Ƙe>\{&L+ 92lv* XJ!KŬ"&D0H'R:tsh;hY3T*D%L0M=@&/&ف,{[нDnxLs-χ"FĂ+"eW~q$Yèy6xL k ED;idM^p+:cQEae=JF01{6J܆mJPQN9VKI+n^iTN̎c>tg Mt )>)vml-6C-;*