Beware of malicious attacks via hoax SMS

The next time you get an unusual text message on your mobile confirming membership for a service that you never subscribed to, remember, rushing to unsubscribe it on a specified Web site could trigger off a malicious code, says this news item in Business Line.

Regards.

- Dilip

___________________________________

Source: Business Line, 29-06-2006

Beware of malicious attacks via hoax SMS

Our Bureau

Security risks associated with mobiles now a reality: Websense

New Delhi , June 28

The next time you get an unusual text message on your mobile confirming membership for a service that you never subscribed to, remember, rushing to unsubscribe it on a specified Web site could trigger off a malicious code. Websense Security Labs, which investigates advanced Internet threats, today warned of reports of users being lured to install malicious code via hoax short message service (SMS) messages.

"Victims receive a hoax SMS message on their mobile phones, thanking them for subscribing to a fictitious dating service. The hoax message states that the subscription fee of $2 per day will be automatically charged to their cell phone bill until their subscription is cancelled at the online site. Users who visit the site to unsubscribe from the service are prompted to download a Trojan bot," Websense said in a statement.

A bot allows the originator to control the targeted PCs remotely, for nefarious purposes including launching virus attacks. A computer that has `bot' software installed on it, through a malicious Web site or Trojan horse, is called a zombie. Such zombies are controlled remotely by the attacker using commands to which the machine's owner is oblivious.

"We are seeing the next evolution of blended threats exploiting a new attack vector - SMS over a mobile phone. There has been much talk of security risks associated with mobiles for years and they are now becoming a reality. As mobiles have become an essential part of our everyday lives, they are an extremely attractive lure for criminals who want to exploit their huge user base," Mr Surendra Singh, Head South East Asia and India, Websense said.

"Using a Web security solution is the first line of defence for any PC user so they do not access the infected Web site, but this particular incident shows just how difficult it is to prevent such a sophisticated social engineered attack using both mobile and Web," he added.