Trojan pr0n dialers make comeback on mobile phones
By popular demand
After taking a long hiatus, trojan dialers that can rack up thousands of dollars in charges are back by popular demand.
According to researchers at CA Security's malware analysis lab, a new wave of malicious dialers is hitting users of mobile phones. The trojans are built on the Java 2 Micro Edition programming language and cause infected handsets to send SMS messages to high-cost numbers, at great expense to the victim.
"As soon as the application is loaded, this malicious software starts to send premium text messages," CA warned on Tuesday. "The messages sent out are in the typical format to invoke premium services and land the mobile user with heavy mobile bills without the user's knowledge and consent."
Malware that automatically dials pricey premium numbers was all the rage a decade ago, when dial-up internet services required computers to connect to a phone line. With the growth of broadband connections the frequency of dialers waned.
The explosion of smart phones that can run software made by anyone has given malicious dialers a new lease on life. And as was the case in the days of yore, they mostly tap into porn services. More from CA is here. ®
It was inevitable, wasn't it?
As soon as mobile phones were designed to access the internet, and send and receive emails, it was only a matter of time before this happened. I use my mobile phone as a mobile phone, and my computer for accessing the internet. Makes sense to me.
I assume the creators have genuine certificates...
... with which to sign the midlets which contain these SMSers (is that the equivalent of dialler?), or are they relying on users just hitting "yes" every time the SMSer wants to send an SMS?
Not a very convincing post from CA
Firstly, the CA author shows a poor understanding of J2ME MIDP.
"The JAD application however is packaged with a data file (load.bin) that has a list of high-cost destination numbers."
Erm - JAD application? The JAD is the descriptor - it is not the app. itself.
Secondly, even if the user downloads and runs the associated JAR, every MIDP phone I have ever seen prompts the user before sending an SMS - irrespective of whether the app is signed or not.
Finally, does it really matter that the list of premium numbers is read via a call to getResourceAsStream(...)?
As a general comment, smartphones present a much greater risk for this style of attack. Symbian Signed apps can run in the background and can send SMS messages without any user interaction. Android has similar capabilities. iPhone apps are extremely limited in this regard - I believe all an app can do is open an SMS link in the browser - the user must actually send the message.
Finally, if memory serves, the Series60 based SX1 shipped with an augmented reality game called Mozzies. The word was going around that if the game were run on a non Siemens based terminal, it automatically generated a premium SMS. This may be apocryphal - I had an SX1 but never saw the brilliant Mozzies running on any other handset.
It is fair to say that the real worry in premium SMS trojans is that it only takes one SMS to subscribe to a tide of reverse billed content.
Black Helicopter because it looks vaguely like a mozzie...