Android botnet sends SMS spam through Android phones
Cloudmark says it is the first time its researchers have detected a botnet that abuses sends spam through infected Android phones.
IDG News Service - In a new twist, spammers have built a botnet that sends SMS spam through infected Android phones, shifting the potentially pricey cost of sending spam to victims.
The trend, spotted by security vendor Cloudmark, poses a new challenge for operators. Victims whose phones are sending the SMS spam often do not know their phone is infected, and they could have their account suddenly shut down by their operator if abuse is detected.
"I think they [operators] are still working out how to deal with this," said Andrew Conway, lead software engineer with Cloudmark, which makes antispam products for operators. "This is fairly new."
Cloudmark noticed that a server located in Hong Kong was hosting two Android games, "Angry Birds Star Wars" and "The Need for Speed Most Wanted," for the Android mobile operating system. Both games were infected with malware that connects the phones with rogue servers that deliver instructions for a mobile spam campaign.
When connected to the rogue command-and-control servers, the victim's phone receives a list of around 50 phone numbers along with the spammy text, Conway said. The malware on the Android device will wait a little more than one second after sending a message, then will eventually check in with the rogue server to obtain more numbers. If the phone is shut off and turned on again, the malware reboots and installs itself as a service on the phone, Cloudmark said.
In one example, the spam messages contained links to the malicious applications in hopes of infecting other users. In another example, the spam message falsely informed people they had won a gift card. But in order for the gift card to be delivered, the victim is asked to pay a shipping cost of $5.95. Conway said the scammers then collect a victim's personal details for further affiliate marketing campaigns, as well as a credit card number.
Spam via SMS (short message service) is nothing new. In the past, spammers bought SIM cards in bulk and inserted them into a SIM card bank to start a spam campaign. As the spammy numbers are shut down by operators, the SIM cards are swapped out with fresh ones.
But with that method, the spammers incurred the cost of buying SIM cards. They also had to be in the same country as victims in order to avoid international SMS sending charges.
The latest method neatly avoids both of those costs. Conway said using malware allows the scammers to conduct campaigns from anywhere in the world at no extra cost. The people whose phones are infected will incur the costs of sending the SMS messages, which could be expensive for some people with monthly SMS limits, Conway said.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Why You Need a Next-Generation Firewall This white paper explores the reasons for implementing next-generation (NG) firewalls and lays out a path to success for overburdened IT organizations.
- Logicalis eBook: SAP HANA: The Need for Speed Without timely business insights, organizations today can suffer logistical, manufacturing, and even financial disaster in a matter of minutes
- Neustar 2014 DDoS Attacks and Impact Report For the third consecutive year, Neustar surveyed hundreds of companies on distributed denial of service (DDoS) attacks. The survey reveals evidence that the...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control. All Malware and Vulnerabilities White Papers | Webcasts