Wednesday, July 19, 2006

Criminals Using Text Messaging to Commit Cybercrime

If you receive a "text message" saying you've been signed up for a dating service (automatically billed to your cell phone) "take a deep breath" before following their instructions.

The Internet Crime Complaint Center (IC3) is reporting:

The FBI has been alerted to a newly discovered malware located at Malware is software designed to infiltrate or damage a computer system without the owner's consent.

The identified malware lures victims to the site through the receipt of an SMS message on their cellular phone. An SMS message is a Short Message Service that permits the sending of short messages, also known as text messages. The message thanks the recipient for subscribing to a dating service, which is fictitious, and states the subscription fee of $2.00 per day will be automatically charged to their cellular phone bill until their subscription is canceled at the online site.

Recipients visiting the site to cancel their subscription are redirected to a screen where they are prompted to enter their mobile phone number, then given the option to run a program which is supposed to remove their subscription to the dating service.

When the run option is selected on the Web site, the executable adds several files to the host and changes registry settings to open a backdoor port and lower Windows security settings. The host file is modified to prevent the victim from browsing to popular anti-virus Web sites. The executable also turns the infected computer into a "zombie" network, which can be remotely controlled by the hackers.

For the alert link, here.

In case, you are like me and need clarification on some of the "technical terms," here are descriptions. New terms for computer fraud, such as "vishing" come about all the time and it's hard for the average person to keep up.

Wikipedia is probably the best (most up to date) reference (for new IT terms), I have found, thus far.

Malware is sometimes called crimeware and zombie networks (botnets) are known to be used by cybercriminals for nefarious purposes.

A keylogger could even be installed by visiting one of these "rogue websites." These programs record all the "keystrokes" on a computer and send them (electronically) to the person who installed them on a system. Keyloggers are actually legal and marketed as a means to spy on your loved ones, or anyone else. Criminals use them to record your access information to financial accounts and then steal the money out of them.

If you spot this activity - besides taking a deep breath and not following through with the request - the best thing to do is report it. You can report it to the Internet Crime Complaint Center (IC3), here.

The sad thing is that those of us who know - often just ignore the attempt - which leaves those of us (who don't know) vulnerable.

1 comment:

prying1 said...

re: quote - The sad thing is that those of us who know - often just ignore the attempt - which leaves those of us (who don't know) vulnerable. - end quote -

To quote Glumfeather, "Too true, too true!"

(Chronicles of Narnia - The Silver Chair - )