Monday, December 24, 2012

Android virus uses your phone to spread spam

Byron Acohido, USA TODAY5:12a.m. EST December 24, 2012

Android smartphone users beware. Spammed text messages have begun circulating that can infect your handset, causing it to continually send virulent text messages to thousands of live phone numbers each day.

That discovery comes as hackers continue to probe the Android platform, in particular, for security holes with no slowdown expected in 2013.


Messaging security firm Cloudmark Research recently discovered a virulent spam campaign that is sending text messages to Android users offering free versions of Need for Speed Most Wanted, Angry Birds Star Wars, Grand Theft Auto and other popular games.

By installing the free app, the user actually downloads a hidden program connecting their handset to a command and control server in Hong Kong, says Cloudmark researcher Andrew Conway. The Hong Kong server next sends the handset a list of 50 phone numbers, copies of viral messages and instructions to begin sending the messages to each of the numbers.


The victim can lose in two ways. If they don't have an unlimited texting plan, the next phone bill could be a whopper. It takes about 65 seconds to automatically text 50 phone numbers, after which the Hong Kong server sends a fresh batch of numbers. So each infected phone can blast thousands of viral text messages a day.

What's more, the malicious program also blocks incoming messages from anyone not on the user's contact list. "So the phone company or a friend can't text you back and say, 'Stop sending me spam,'" Conway says.

In such cases, the carrier could decide to unilaterally shut down the user's text-messaging capabilities, he says.


Conway advises Android users to stick strictly to Google's official application store, Google Play, and ignore unsolicited offers that arrive by text message. If you see a suspicious text message offer, forward it in a text message to 7726, a free service set up by the carriers to eliminate spam.

Google Play is a "99.99% trustworthy" because the search giant is on high alert for hackers and fixes any breaches quickly.

"You're much safer going to Google Play than from any other source, especially ones from Asia," Conway says. "If an offer is too good to be true, it's a fake."

No comments:

Post a Comment