Porn Scams Target Smartphones
Lexton Snol, PC Advisor
Cybercriminals have gone back to their old-school tricks to target innocent smartphone users.
In the days of dial-up Internet access, Trojan dialers installed on an infected computer would call out to premium numbers through the dial-up modem. The unsuspecting user of the infected machine then received huge telephone bills.
The practice died out with the advent of broadband modems, but security analysts now warn that smartphone users are being targeted in remarkably similar fashion.
CA research engineer Dinesh Venkatesan, writing in the blog post "Beware - Java Dialers that affect mobile bills", warns that the company's malware analysis lab has observed an increasing trend of Trojan Dialers "to target mobile devices and send SMS messages to high-cost numbers."
Like the old dial-up scam, most of the threats are related to pornographic message centers, Venkatesan warns.
The malicious JAD application is packaged with a data file (load.bin) that has a list of high-cost destination numbers. The malicious application uses this bin file to form the text messages with the desired premium destination.
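A defender can triage a suspect Java ME package for the pattern described above: code that references the SMS API shipped together with an opaque data file. The following is an added example, not code from the CA blog post; the sample archives are constructed, their class bodies are placeholder bytes rather than real bytecode, and the list of "usual" resource extensions is an assumption.

```python
import io
import zipfile

# Markers of the J2ME Wireless Messaging API (JSR 120) as they appear in a
# class file's constant pool, plus the SMS connection URL scheme.
SMS_MARKERS = (b"javax/wireless/messaging/", b"sms://")
# Resource types a MIDlet normally ships (assumed allow-list).
USUAL_RESOURCES = (".png", ".gif", ".jpg", ".mid", ".wav", ".mf")


def triage_jar(jar_bytes):
    """Return (classes referencing SMS APIs, unusual bundled data files)."""
    sms_classes, data_files = [], []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if name.endswith("/"):          # directory entry
                continue
            if name.endswith(".class"):
                body = jar.read(name)
                if any(marker in body for marker in SMS_MARKERS):
                    sms_classes.append(name)
            elif not name.lower().endswith(USUAL_RESOURCES):
                data_files.append(name)
    return sorted(sms_classes), sorted(data_files)


def is_suspicious(jar_bytes):
    """Flag a JAR that both can send SMS and carries opaque data files."""
    sms_classes, data_files = triage_jar(jar_bytes)
    return bool(sms_classes) and bool(data_files)


def build_sample_jar(entries):
    """Build an in-memory JAR from {name: bytes}; constructed test input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, body in entries.items():
            jar.writestr(name, body)
    return buf.getvalue()


# Constructed samples; file contents are placeholders.
SAMPLE_DIALER = build_sample_jar({
    "META-INF/MANIFEST.MF": b"MIDlet-Name: Sample\n",
    "Main.class": b"\xca\xfe\xba\xbejavax/wireless/messaging/MessageConnection sms://",
    "load.bin": b"placeholder",
})
SAMPLE_BENIGN = build_sample_jar({
    "META-INF/MANIFEST.MF": b"MIDlet-Name: Game\n",
    "Game.class": b"\xca\xfe\xba\xbejavax/microedition/lcdui/Canvas",
    "icon.png": b"\x89PNG",
})
```

A hit is a triage signal rather than a verdict: legitimate messaging MIDlets also use this API, and obfuscated samples may hide the `sms://` string.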
Yesterday we reported that future smartphones will come pre-loaded with anti-virus software clients to prevent the loss of data and services to malware.
Mikko Hypponen, head of research at mobile-security developer F-Secure, said the company had seen a "handful" of diallers in recent months.
F-Secure's dial-up scam advice:
A typical case of this scam is one where someone opens a premium rate number at a local telecom operator and starts sending SMS messages to random mobile phone numbers. A typical message contains some urgent message and instructions to call the number listed in the message.
If a person calls this number he will be connected to a premium rate number which will contain a recording intended to keep the user on the phone as long as possible. As the number where the user called is a premium rate number, he or she will pay for each minute spent connected to that number.
If you get an SMS message asking you to call an unknown number, either ignore the message, or if you are interested, use the operator's directory service to find out to whom that extension belongs. But do not call the number directly.
Hypponen is quoted by the BBC as saying this style of attack is popular because "they get round one of the big problems facing anyone wanting to make money out of Windows viruses".
"PC malware can't just directly steal money from your machine; it has to jump through hoops like keylogging your credit card number or sending spam. However, mobile malware can just instantly steal from you by making premium-rate calls or messages," he said.