Botnet herders have found a crafty new way to lure computer users to maliciously rigged Web sites—via text messaging on cell phones.
The latest social engineering trick is to send SMS (short messaging service) alerts to mobile phones with a warning that the target has subscribed to an online dating service that racked up expensive charges on cell phone bills.
The message includes a URL for the user to unsubscribe to avoid the $2 per day charges.
According to a warning from anti-virus vendor CA, the URL points to a Web site rigged with Win32/Bambo.CF, a Trojan horse program used by identity thieves to hijack sensitive user information.
The fake dating Web site associated with the scam has been set to entice targets into entering the phone number. At this point, it attempts to load an executable file called “unregister.exe.”
Interestingly, the Web page does not attempt to exploit any software flaws. Instead, the attacker provides step-by-step instructions to click the “Run” button on each warning page, providing an easy way around the Internet Explorer security warning prompt.
If the program is run, it installs the Trojan, CA said in its advisory.
At press time June 23, the malicious Web site was still active.
Websense Security Labs, a San Diego, Calif., malware research company, said the bot is a variant of Dumador, a back door that opens two ports and allows the computer to be remotely controlled by malicious hackers.
Dumador is controlled by a Web-based HTTP controller that is used to send commands to botnets.
A botnet is a collection of hijacked computers used to send spam or launch distributed denial-of-service attacks.
While bots are mostly controlled by IRC (Internet Relay Chat) channels, researchers at Websense say Web-based controllers have become popular with bots that are used to capture and transmit keylogger information and to store user data.