Only a little while ago we were discussing the possibility of someone taking the techniques of phishing by email and porting them to SMS. SMiShing instead of phishing.

While the name is catchy, don’t be misled: it’s actually based on a real event. A number of SMS messages were sent out to users in Iceland and Australia telling them they would be charged $2 a day for membership on a dating website. Victims who attempted to “unsubscribe” from the site and its daily charge had their computers infected with a backdoor trojan. The South Australia Office of Consumer and Business Affairs (OCBA) even put out a warning to consumers about the scam.

Considering that this Smishing event occurred a few months ago with nothing since, one might reasonably relax. We at McAfee Avert Labs would agree with you, except that we’ve just received a sample of a mass-mailing worm that performs a Smishing attack: VBS/Eliles.A.

This is a standard VBS worm that skips the loading of a backdoor trojan and simply opens a backdoor on the victim’s system. Most of the code is in Spanish, with a few comments in German. That incongruence, along with variations in coding style across the various internal functions, implies that this worm was composed from disparate sources. Very script kiddie.

The interesting part is that it includes a routine to send Smishing messages to users of two mobile phone providers in Spain. Rather than calculating random IP addresses to send messages, this worm generates phone numbers within the ranges used by mobile phones. Eliles.A sends its smish message free of charge through the mobile phone providers’ SMS-email gateways.
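Because the worm addresses its messages to generated phone numbers at SMS-email gateways, an infected host shows up in outbound mail logs as one client sending to many distinct all-digit recipients at a gateway domain in a short time. The following detection sketch is an added example, not part of the original post; the log format, gateway domains, addresses, phone numbers, window and threshold are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: placeholder gateway domains; substitute the carriers' real SMS-email gateways.
SMS_GATEWAYS = {"sms.carrier-a.example", "sms.carrier-b.example"}
WINDOW = timedelta(minutes=10)
THRESHOLD = 5  # distinct phone-number recipients per client within WINDOW

# Constructed log format: "<ISO timestamp> client=<ip> from=<addr> to=<addr>"
LINE = re.compile(r"^(\S+) client=(\S+) from=<[^>]*> to=<([^@>]+)@([^>]+)>$")

# Constructed sample: .23 sweeps six numbers in seconds, .51 sends one per hour,
# .40 texts the same number twice, and .23 also sends one ordinary e-mail.
SAMPLE_LOG = (
    [f"2000-01-01T10:00:{i:02d} client=10.0.0.23 from=<a@corp.example> "
     f"to=<60000000{i}@sms.carrier-a.example>" for i in range(6)]
    + [f"2000-01-01T{10 + i}:30:00 client=10.0.0.51 from=<b@corp.example> "
       f"to=<61100000{i}@sms.carrier-b.example>" for i in range(5)]
    + ["2000-01-01T10:05:00 client=10.0.0.40 from=<c@corp.example> "
       "to=<622000001@sms.carrier-a.example>"] * 2
    + ["2000-01-01T10:06:00 client=10.0.0.23 from=<a@corp.example> to=<bob@partner.example>"]
)

def flag_sms_gateway_sweeps(lines, gateways=SMS_GATEWAYS, window=WINDOW, threshold=THRESHOLD):
    """Return {client: peak count of distinct numeric gateway recipients in any window}."""
    events = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # unparseable line: ignore rather than guess
        ts, client, local, domain = m.groups()
        # Only all-digit local parts at a gateway domain look like phone numbers.
        if domain.lower() in gateways and local.isdigit():
            events[client].append((datetime.fromisoformat(ts), local))
    flagged = {}
    for client, evs in events.items():
        evs.sort()
        start = best = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            best = max(best, len({num for _, num in evs[start:end + 1]}))
        if best >= threshold:
            flagged[client] = best
    return flagged

if __name__ == "__main__":
    print(flag_sms_gateway_sweeps(SAMPLE_LOG))
```

Counting distinct numbers rather than messages keeps a user who repeatedly texts one phone through the gateway from tripping the rule.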

Unlike the previous smishing episode, Eliles.A does not use the error-in-billing ploy. Instead, this worm tries to be helpful by offering the victim free “antivirus” software for their phone, supposedly from their mobile phone provider. The smishing message specifically targets Nokia Series 60 phones. Users who download and install the software from the link in the SMS find themselves infected with malware. Fortunately, the download link is now dead.

We were startled to see a smishing attack turn up in a simple mass-mailing worm. A malware writer who spends time researching a new attack will usually write custom code for it rather than reuse someone else’s code. Over time the attack gets packaged into standard routines and eventually included in the script kiddie’s toolbox. The transition from brand new to script kiddie use can take months. This is the malware equivalent of finding a machine gun in the stone age.

The genie is out of the bottle with regard to smishing. Now that the script kiddies are involved, we’re bound to see a rise in the number of smishing attempts in the coming months. So much for relaxation.