Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

SMS spam intensifies, ranging from pesky to perilous

John P. Mello Jr, | July 29, 2013
'Over-the-top' services are used to disguise text spam campaigns by sending a few messages from many phone numbers.


Bogus cruise offers, diet pitches from hacked domains, and the use of over-the-top services to foil spam fighters have been some of the top trends in SMS junk messaging thus far this year.

As the summer heated up, SMS spam related to warm weather began to clog texting channels, according to Cloudmark's Global Messaging Threat Report for the year's second calendar quarter.

SMS spam with a summer motif appears to have peaked just before the end of June when more than 20 percent of all junk texts contained subjects from free cruises to the Bahamas to dieting tips to fill a wild bikini, Cloudmark reported.

"There's a standard hook to these campaigns," Cloudmark Threat Researcher Andrew Conway said in an interview. "It's free stuff."

It used to be free iPads, he continued, then it was free gift cards. "Now it's you won a free cruise," he explained.

It's probably no coincidence that cruise spam started up just about the time theFederal Trade Commission started cracking down on gift card text trash in the spring. "We will see periodic downturns after a particular form of monetization gets stopped," Conway said.

"When the FTC took action against gift card spammers, we saw a downturn in that," he continued. "However, it came back as cruise spam."

Phishing still rules

As popular as free stuff scams are, they still placed behind phishing for bank accounts and adult content junk in spam volumes during the period.

Bank phishing spam is usually designed to obtain information about a target's bank account or lead a victim down the path to infection by a banking Trojan. "Up to now, we've seen SMS Trojans wreak havoc by sending text messages to premium service numbers," Liviu Arsene, a mobile threat researcher with Bitdefender, said in an interview.

"However, during a six-month study we just completed, we noticed some malware samples acting as banking Trojans, specifically the mobile version of Zeus," he said

That Trojan intercepts SMS messages sent to a phone to confirm transactions for bank accounts. It prevents an account holder from being tipped off by the bank when an unauthorized transaction is performed on their account.

More and more cybercriminals will be exploiting text messages in the future, predicted Alex Balan, head of product management for BullGuard. "Text messages are a very good way of luring users into clicking stuff simply because you can spoof the sender of a text message very easily," he said in an interview.

"That makes them very believable," he added.

Finishing just behind free stuff in the Cloudmark tally was "We Buy Junk Cars" spam. Those spammers have become quite refined in their techniques, noted Ciaran Bradley, vice president for handset security products at AdaptiveMobile.


1  2  Next Page 

Sign up for Computerworld eNewsletters.