
Android botnet abuses people's phones for SMS spam

Jeremy Kirk | Dec. 18, 2012
In a new twist, spammers have built a botnet that sends SMS spam through infected Android phones, shifting the potentially pricey cost of sending spam to victims.

"We may see not only does this cost less for the spammers, but if they can spread their spam over a larger and larger number of phone numbers...then it makes it harder to block this on an individual phone number basis," Conway said.

Victims also face an additional problem if an operator decides to shut down their phone due to spamming. The malware also blocks incoming SMS messages, so if a recipient of a spammy SMS complains and sends a text message in response, the victim will still not know their device is being abused, Conway said.

The spammers appear to still be testing the method, but spam volumes are rising, Conway said. The recipients of the spam are so far just in the U.S. It appears that around 800 phones are infected with the malware. As recently as two weeks ago, the botnet was sending upwards of 500,000 messages per day.

Conway described the botnet as "primitive" and not at the level of sophistication of botnets that abuse desktop computers. But it does herald a new level of innovation among mobile spammers.

The best advice for Android users is to avoid downloading applications from untrusted sources. Google scans applications in its Play store for malicious behavior, but unvetted Android applications are widely available around the Internet. Conway said he believes the campaign is geared toward exploiting younger Android users.

"The younger you are, the more likely you are to engage in risky behavior with your mobile phone," Conway said.

Recipients of spam can forward a suspicious message to "7726," a short code for the GSMA's Spam Reporting Service, which is run by Cloudmark. The company analyzes the messages. Depending on how the operator wants to handle it, spam messages can be blocked or the malicious link within the message can be removed, Conway said.

 
