From cruise offers to banking Trojans, SMS spam clogs channels

Bogus cruise offers, diet pitches from hacked domains and the use of over-the-top services to foil spam fighters have been some of the top trends in SMS junk messaging thus far this year.

As the summer heated up, SMS spam related to warm weather began to clog texting channels, according to Cloudmark's Global Messaging Threat Report for the year's second calendar quarter.

SMS spam with a summer motif appears to have peaked just before the end of June when more than 20 percent of all junk texts contained subjects from free cruises to the Bahamas to dieting tips to fill a wild bikini, Cloudmark reported.

"There's a standard hook to these campaigns," Cloudmark Threat Researcher Andrew Conway said in an interview. "It's free stuff."

It used to be free iPads, he continued, then it was free gift cards. "Now it's you won a free cruise," he explained.

It's probably no coincidence that cruise spam started up just about the time the F ederal Trade Commission started cracking down on gift card text trash this spring. "We will see periodic downturns after a particular form of monetization gets stopped," Conway said.

"When the FTC took action against gift card spammers, we saw a downturn in that," he continued. "However, it came back as cruise spam."

As popular as free stuff scams are, they still placed behind phishing for bank accounts and adult content junk in spam volumes during the period.

Bank phishing spam is usually designed to obtain information about a target's bank account or lead a victim down the path to infection by a banking Trojan. "Up to now, we've seen SMS Trojans wreak havoc by sending text messages to premium service numbers," Liviu Arsene, a mobile threat researcher with Bitdefender, said in an interview.

"However, during a six month study we just completed, we noticed some malware samples acting as banking Trojans, specifically the mobile version of Zeus," he said

That Trojan intercepts SMS messages sent to a phone to confirm transactions for bank accounts. It prevents an account holder from being tipped off by the bank when an unauthorized transaction is performed on their account.

More and more cyber criminals will be exploiting text messages in the future, predicted Alex Balan, head of product management for BullGuard. "Text messages are a very good way of luring users into clicking stuff simply because you can spoof the sender of a text message very easily," he said in an interview.

"That makes them very believable," he added.

Finishing just behind free stuff in the Cloudmark tally was "We Buy Junk Cars" spam. Those spammers have become quite refined in their techniques, noted Ciaran Bradley, vice president for handset security products at AdaptiveMobile.

[Also see: SMS becoming a meaty attraction for spammers]

One such campaign targeted the 786 area code in Florida. According to census figures, the average household income in that area is around $40,000 and 18 percent of the population is below the poverty line. In other words,a good geographic area for people looking to buy junkers at cut-rate prices.

"They buy cars from poorer neighborhoods and then ship them to South America where second-hand cars still carry a substantial premium," Bradley said in an interview.

One of the fastest growing spam categories during the second quarter, according to Cloudmark's report, was diet-themed SMS spam. Volumes of that kind of spam tripled during the period, as it reached 12 percent of all spam at the end of the quarter.

Diet spam has a common thread, the report said. All of it contains links to compromised websites. "With a plethora of hacked sites at their disposal, spammers are able to keep their URLs fresh," the report said. "Using these fresh URLs also helps keep spam message bodies fresh to avoid blocking and filtering."

Another trend spotted this year is the use of "over-the-top" services to confuse junk warriors. Those services allow spammers to disguise their campaigns by sending a few messages from many phone numbers.

"Instead of blasting out thousands of messages from a few SIM cards, the spammers are creating large numbers of accounts and then sending smaller volumes per account," AdaptiveMobile's Bradley said.

"Because the volumes are lower, they're much harder to detect. But if you add them all up, they're still sending out significant amounts of SMS spam," he said. "We believe that's a sign that the spammers have had to adapt to carrier improvements in detecting spam and stopping it."

There are those, however, who believe the carriers could do more to stop SMS spam. "I don't think they're doing enough," Dodi Glenn, director of the antivirus lab for ThreatTrack Security, said in an interview.

"They need to work more closely with security vendors, as well as with the manufacturers of the phone, so that a phone has protections installed on it out of the box," he said.

Read more about social engineering in CSOonline's Social Engineering section.