From cruise offers to banking Trojans, SMS spam clogs channels

Bogus cruise offers, diet pitches from hacked domains and the use of over-the-top services to foil spam fighters have been some of the top trends in SMS junk messaging thus far this year.

As the summer heated up, SMS spam related to warm weather began to clog texting channels, according to Cloudmark's Global Messaging Threat Report for the year's second calendar quarter.

SMS spam with a summer motif appears to have peaked just before the end of June when more than 20 percent of all junk texts contained subjects from free cruises to the Bahamas to dieting tips to fill a wild bikini, Cloudmark reported.

"There's a standard hook to these campaigns," Cloudmark Threat Researcher Andrew Conway said in an interview. "It's free stuff."

It used to be free iPads, he continued, then it was free gift cards. "Now it's you won a free cruise," he explained.

It's probably no coincidence that cruise spam started up just about the time the Federal Trade Commission started cracking down on gift card text trash this spring. "We will see periodic downturns after a particular form of monetization gets stopped," Conway said.

"When the FTC took action against gift card spammers, we saw a downturn in that," he continued. "However, it came back as cruise spam."

As popular as free stuff scams are, they still placed behind phishing for bank accounts and adult content junk in spam volumes during the period.

Bank phishing spam is usually designed to obtain information about a target's bank account or lead a victim down the path to infection by a banking Trojan. "Up to now, we've seen SMS Trojans wreak havoc by sending text messages to premium service numbers," Liviu Arsene, a mobile threat researcher with Bitdefender, said in an interview.

"However, during a six-month study we just completed, we noticed some malware samples acting as banking Trojans, specifically the mobile version of Zeus," he said.

That Trojan intercepts SMS messages sent to a phone to confirm transactions for bank accounts. It prevents an account holder from being tipped off by the bank when an unauthorized transaction is performed on their account.

More and more cyber criminals will be exploiting text messages in the future, predicted Alex Balan, head of product management for BullGuard. "Text messages are a very good way of luring users into clicking stuff simply because you can spoof the sender of a text message very easily," he said in an interview.

"That makes them very believable," he added.

Finishing just behind free stuff in the Cloudmark tally was "We Buy Junk Cars" spam. Those spammers have become quite refined in their techniques, noted Ciaran Bradley, vice president for handset security products at AdaptiveMobile.


One such campaign targeted the 786 area code in Florida. According to census figures, the average household income in that area is around $40,000 and 18 percent of the population is below the poverty line. In other words, a good geographic area for people looking to buy junkers at cut-rate prices.

"They buy cars from poorer neighborhoods and then ship them to South America where second-hand cars still carry a substantial premium," Bradley said in an interview.

One of the fastest growing spam categories during the second quarter, according to Cloudmark's report, was diet-themed SMS spam. Volumes of that kind of spam tripled during the period, as it reached 12 percent of all spam at the end of the quarter.

Diet spam has a common thread, the report said. All of it contains links to compromised websites. "With a plethora of hacked sites at their disposal, spammers are able to keep their URLs fresh," the report said. "Using these fresh URLs also helps keep spam message bodies fresh to avoid blocking and filtering."

Another trend spotted this year is the use of "over-the-top" services to confuse junk warriors. Those services allow spammers to disguise their campaigns by sending a few messages from many phone numbers.

"Instead of blasting out thousands of messages from a few SIM cards, the spammers are creating large numbers of accounts and then sending smaller volumes per account," AdaptiveMobile's Bradley said.

"Because the volumes are lower, they're much harder to detect. But if you add them all up, they're still sending out significant amounts of SMS spam," he said. "We believe that's a sign that the spammers have had to adapt to carrier improvements in detecting spam and stopping it."
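An added example, not taken from the Cloudmark report or from AdaptiveMobile: one way to make the low-volume, many-account pattern Bradley describes visible is to count messages by template across all senders instead of per sender. The function names, thresholds and sample messages are assumptions constructed for illustration; URLs are masked before grouping so that rotating links, as in the diet campaigns described earlier, do not split one campaign into many.

```python
import re
from collections import defaultdict

URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
NUM_RE = re.compile(r"\d+")

def fingerprint(body):
    """Reduce a message to its template: URLs and digits masked, case and spacing folded."""
    text = URL_RE.sub("<url>", body.lower())
    text = NUM_RE.sub("<n>", text)
    return " ".join(text.split())

def find_campaigns(messages, per_sender_limit=50, min_senders=5, min_total=10):
    """Flag templates sent by many accounts that each stay under the per-sender limit.

    messages: iterable of (sender, body). All thresholds are illustrative assumptions.
    """
    counts = defaultdict(lambda: defaultdict(int))  # template -> sender -> count
    for sender, body in messages:
        counts[fingerprint(body)][sender] += 1
    campaigns = []
    for template, senders in counts.items():
        total = sum(senders.values())
        loudest = max(senders.values())
        # Every sender is quiet on its own; only the aggregate stands out.
        if len(senders) >= min_senders and total >= min_total and loudest < per_sender_limit:
            campaigns.append({"template": template, "senders": len(senders),
                              "total": total, "max_per_sender": loudest})
    return sorted(campaigns, key=lambda c: c["total"], reverse=True)

def build_sample():
    """Constructed traffic: 8 accounts x 3 messages with a fresh link each, plus benign texts."""
    msgs = []
    for i in range(8):
        for j in range(3):
            msgs.append((f"+1555010{i:02d}",
                         f"You won a FREE cruise! Claim: http://site{i}{j}.example/c"))
    msgs.append(("+15550199", "Running late, see you at 7"))
    # One legitimate sender issuing one-time codes: many messages, a single account.
    msgs += [("+15550198", f"Your code is {100000 + k}") for k in range(20)]
    return msgs

if __name__ == "__main__":
    for campaign in find_campaigns(build_sample()):
        print(campaign)
```

A per-sender volume rule with the same limit would pass every account in the sample, since none sends more than three messages.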

There are those, however, who believe the carriers could do more to stop SMS spam. "I don't think they're doing enough," Dodi Glenn, director of the antivirus lab for ThreatTrack Security, said in an interview.

"They need to work more closely with security vendors, as well as with the manufacturers of the phone, so that a phone has protections installed on it out of the box," he said.
