Android botnet sends SMS spam through Android phones
Cloudmark says it is the first time its researchers have detected a botnet that abuses sends spam through infected Android phones.
IDG News Service - In a new twist, spammers have built a botnet that sends SMS spam through infected Android phones, shifting the potentially pricey cost of sending spam to victims.
The trend, spotted by security vendor Cloudmark, poses a new challenge for operators. Victims whose phones are sending the SMS spam often do not know their phone is infected, and they could have their account suddenly shut down by their operator if abuse is detected.
"I think they [operators] are still working out how to deal with this," said Andrew Conway, lead software engineer with Cloudmark, which makes antispam products for operators. "This is fairly new."
Cloudmark noticed that a server located in Hong Kong was hosting two Android games, "Angry Birds Star Wars" and "The Need for Speed Most Wanted," for the Android mobile operating system. Both games were infected with malware that connects the phones with rogue servers that deliver instructions for a mobile spam campaign.
When connected to the rogue command-and-control servers, the victim's phone receives a list of around 50 phone numbers along with the spammy text, Conway said. The malware on the Android device will wait a little more than one second after sending a message, then will eventually check in with the rogue server to obtain more numbers. If the phone is shut off and turned on again, the malware reboots and installs itself as a service on the phone, Cloudmark said.
In one example, the spam messages contained links to the malicious applications in hopes of infecting other users. In another example, the spam message falsely informed people they had won a gift card. But in order for the gift card to be delivered, the victim is asked to pay a shipping cost of $5.95. Conway said the scammers then collect a victim's personal details for further affiliate marketing campaigns, as well as a credit card number.
Spam via SMS (short message service) is nothing new. In the past, spammers bought SIM cards in bulk and inserted them into a SIM card bank to start a spam campaign. As the spammy numbers are shut down by operators, the SIM cards are swapped out with fresh ones.
But with that method, the spammers incurred the cost of buying SIM cards. They also had to be in the same country as victims in order to avoid international SMS sending charges.
The latest method neatly avoids both of those costs. Conway said using malware allows the scammers to conduct campaigns from anywhere in the world at no extra cost. The people whose phones are infected will incur the costs of sending the SMS messages, which could be expensive for some people with monthly SMS limits, Conway said.
- 3G/4G Digital Signage Guide Today, the widespread availability of 3G and 4G cellular or wireless broadband networks enables digital signage to be deployed virtually anywhere.
- Enterprises in Motion: In-Vehicle Networks In a world where traditional tethers to the central office have all but vanished, enterprises that operate vehicle fleets require constant and dependable...
- Uninterrupted Internet: Maximizing Revenue and Minimizing Business Risk with 3G/4G Failover Whether your businesses are connected to the Internet via T1/T3, or Cable, incorporating a mobile broadband backup solution adds uptime whenever there is...
- Trends in Pop-up Retail: Innovative Merchandising Driven by Flexible, Dependable Mobile Connectivity This paper outlines the challenges and obstacles to successful implementation, and discusses existing, rapid-deployment solutions for connecting pop-up locations with mission-critical retail applications...
- Don't Believe the Hype: Not All Containers are Created Equal Hear executives discuss the 3 C's of Secure Mobility-content, credentials, and configurations-and learn the inherent security risks to your organization of using MDM...
- Navigating the New Wireless Landscape Thriving in the new wireless landscape View Now>> All Mobile/Wireless White Papers | Webcasts