Hackers are using text messages via mobile phones to lure users into accessing a malicious website to build a “zombie” network.
This is the content of a warning bulletin recently issued by the security firm Websense.
Websense reported that this security attack employs “social engineering” techniques to trick individuals into visiting a dangerous website. A text message (SMS) is sent to users’ mobile phones thanking them for subscribing to a “virtual” service. The message indicates that they will be charged $2 per day for the service, which will be billed directly to their phone bill. The service can only be stopped if the user notifies the termination of the “virtual” service through a website.
Similar SMS messages are continuously sent repeatedly to numerous online forums, Websense warns.
This attack began on the fifth day of last week in the United States and was first detected by the security firm Sunbelt Software.
Once users access the website mentioned in the SMS to stop the service, they will be “encouraged” to download a Trojan. Moreover, the attackers provide detailed instructions on how to bypass security warnings in Internet Explorer.
After the Trojan—named “Dumador” by Websense—is installed, it will turn the victim’s PC into a “zombie,” allowing attackers to control the system remotely. This PC will become part of a “bot” network used for various online attacks.
“This is the first time we have witnessed this type of attack,” said Ross Paul, senior product development manager at Websense. “Basically, this attack uses social engineering techniques, which have deceived many victims.”
Websense stated that they are currently monitoring this attack but have yet to identify the mastermind behind it.
“In general, attacks of this nature are usually organized by a group of people. In some cases, we know their nicknames. However, in some instances, we do not,” Paul mentioned.
Websense could not quantify how many individuals have fallen victim to this attack. Monitoring botnet activities is very challenging because these networks can be located in various countries.
The Dumador Trojan allows attackers to use the HTTP protocol to control compromised PCs or trick victims into uploading personal information. The most common method of controlling bots currently is through Internet Relay Chat (IRC) channels.
The emergence of this new SMS attack method demonstrates a new trend among hackers. They will stop at nothing to target victims for illicit profits. Trojans, computer worms, viruses, and malware are no longer just tools for showcasing skills or gaining notoriety as in previous years. They have become real profit-generating instruments. This is a prominent trend in the current cybercrime landscape.
Hoang Dung
