Attacks/Breaches
11/10/2010
11:59 AM
Connect Directly
RSS
E-Mail
50%
50%

Hackers Hijack 1 Million China Cell Phones

Zombie text sending malware is racking up $300,000 in charges per day.

How Firesheep Can Hijack Web Sessions
(click image for larger view)
Slideshow: How Firesheep Can Hijack Web Sessions

More than 1 million cell phone users in China has been infected with a virus that automatically sends text messages, and the attack is costing users a combined 2 million yuan ($300,000 U.S.) per day.

According to Shanghai Daily, "the 'zombie' virus, hidden in a bogus antivirus application, can send the phone user's SIM card information to hackers, who then remotely control the phone to send URL links."

Some of the dispatched text messages contain links to more viruses. Click the link, and your phone could likewise be infected. Other text messages get automatically dispatched to premium-rate phone numbers, generating profits for the attackers while draining subscribers' accounts.

Mobile security expert Zou Shihong at Beijing University Posts and Telecommunications likened the new attack to a pyramid scheme, since by texting everyone in an infected user's address book, the malicious code has the potential to spread exponentially.

According to Zhou Yonglin, an official with China's National Computer Network Emergency Response Team, about 1 million cell phones had been infected since the beginning of September, and mobile operators were having difficulty eradicating the malicious application, owing to the breakneck pace of new variations appearing.

The cell phone virus attack mirrors the Troj/SymbSms-A malware seen earlier this year, which infects Symbian phones. That particular attack targeted Russian cell phone subscribers, infecting their phones with a virus that automatically texted premium-rate Russian phone numbers.

Expect an increase in the number of viruses that target cell phones for profit, according to a recent analysis of mobile device security trends from security vendor Imperva. "We expect exponential growth in the number of incidents related to mobile devices in the next few years... from theft or compromise of information in these devices, through massive infection campaigns, and up to frequent [exploits] of the vulnerabilities introduced into the server side."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7392
Published: 2014-07-22
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.

CVE-2014-2385
Published: 2014-07-22
Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3) newListList:ExcludeMountPaths parameter t...

CVE-2014-3518
Published: 2014-07-22
jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to exec...

CVE-2014-3530
Published: 2014-07-22
The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via...

CVE-2014-4326
Published: 2014-07-22
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Where do information security startups come from? More important, how can I tell a good one from a flash in the pan? Learn how to separate ITSec wheat from chaff in this episode.