Android Trojan Used To Create Simple SMS Spam Botn by KingFISHER 2012/12/20 08:48
A new crop of trojan mobile applications are demonstrating simple mobile botnet behavior, leveraging infected handsets to spread spam and invitations for other users to download the infected apps. This new evolution of malicious mobile applications is presently being monitored by the Cloudmark mobile security research team who had been investigating a strong uptick in mobile originated spam over the past week.
A new crop of trojan mobile applications are demonstrating simple mobile botnet behavior, leveraging infected handsets to spread spam and invitations for other users to download the infected apps. This new evolution of malicious mobile applications is presently being monitored by the Cloudmark mobile security research team who had been investigating a strong uptick in mobile originated spam over the past week.
KingFISHER 2012/12/20 08:51
A random invitation received via SMS to download a free version of a popular Android game like The Need for Speed Most Wanted or Angry Birds Star Wars may seem enticing, but as your intuition may hint the offer is often times too good to be true. If you do download this “spamvertised†application and install it on your Android handset, you may be unknowingly loading a malicious software application on your phone which will induct your handset into a simple botnet, one that leverages the resources of your mobile phone for the benefit of the malware’s author. In the case of this latest batch of SMS sending malware that the Cloudmark Research team has been monitoring, your phone will be used to silently send out thousands of spam SMS messages without your permission to lists of victim phone numbers that the malware automatically downloads from a command and control server. You better have an unlimited message plan or your phone bill may come as a bit of a shock.
A random invitation received via SMS to download a free version of a popular Android game like The Need for Speed Most Wanted or Angry Birds Star Wars may seem enticing, but as your intuition may hint the offer is often times too good to be true. If you do download this “spamvertised†application and install it on your Android handset, you may be unknowingly loading a malicious software application on your phone which will induct your handset into a simple botnet, one that leverages the resources of your mobile phone for the benefit of the malware’s author. In the case of this latest batch of SMS sending malware that the Cloudmark Research team has been monitoring, your phone will be used to silently send out thousands of spam SMS messages without your permission to lists of victim phone numbers that the malware automatically downloads from a command and control server. You better have an unlimited message plan or your phone bill may come as a bit of a shock.
KingFISHER 2012/12/20 08:51
The trojan apps were downloaded from sites on a server in Hong Kong offering free games. They claimed to be copies of popular games including the ones I mentioned. Don’t do it! Of course you have to jump through some hoops to install an Android app from a random web site rather than Google Play. Don’t do this, either Then you have to grant permission to the app to do all sorts of things that no Angry Bird should ever need to do, like surfing the web and sending SMS messages, but not many people read the fine print when installing Android applications.
The trojan apps were downloaded from sites on a server in Hong Kong offering free games. They claimed to be copies of popular games including the ones I mentioned. Don’t do it! Of course you have to jump through some hoops to install an Android app from a random web site rather than Google Play. Don’t do this, either Then you have to grant permission to the app to do all sorts of things that no Angry Bird should ever need to do, like surfing the web and sending SMS messages, but not many people read the fine print when installing Android applications.
KingFISHER 2012/12/20 08:52
Once installed, the trojan initiates a connection to a command and control server. The C&C server replies with both a list of spam target phone numbers as well as the message payload to deliver. After the payload is retrieved the application would duly start SMS spamming, reporting back to the C&C server on each message sent. The zombie communicates with the C&C server using HTTP. Typically a message and a list of fifty numbers are returned. The zombie waits 1.3 seconds after sending each message, and checks with the C&C server every 65 seconds for more numbers. The application reloads automatically after a reboot as it installs itself as a service on the handset.
Once installed, the trojan initiates a connection to a command and control server. The C&C server replies with both a list of spam target phone numbers as well as the message payload to deliver. After the payload is retrieved the application would duly start SMS spamming, reporting back to the C&C server on each message sent. The zombie communicates with the C&C server using HTTP. Typically a message and a list of fifty numbers are returned. The zombie waits 1.3 seconds after sending each message, and checks with the C&C server every 65 seconds for more numbers. The application reloads automatically after a reboot as it installs itself as a service on the handset.
KingFISHER 2012/12/20 08:55
We first saw this spammer on October 26th, when the trojan claimed to be anti SMS spam software! Tired of SMS Spam? Download our free SMS Blocker today to finally rid yourself of unwanted messages! Download now at http://[redacted] .com That attack only lasted one day. Apparently using SMS spam to promote a bogus SMS spam blocking service was not an easy sell. The spammer came back on November 10th, with the free games scam which simply attempts to get the botnet to spread,
more details
We first saw this spammer on October 26th, when the trojan claimed to be anti SMS spam software! Tired of SMS Spam? Download our free SMS Blocker today to finally rid yourself of unwanted messages! Download now at http://[redacted] .com That attack only lasted one day. Apparently using SMS spam to promote a bogus SMS spam blocking service was not an easy sell. The spammer came back on November 10th, with the free games scam which simply attempts to get the botnet to spread,
more details
#2 General Area
A forum for life in general. Post about news, social matters, relationships, lifestyle, or anything on your mind.
A forum for life in general. Post about news, social matters, relationships, lifestyle, or anything on your mind.