Premium Messaging
One of the most effective methods for spreading malware to mobile phones is to misuse premium SMS shortcodes?six-to-eight-digit numbers like those used to accept charitable donations or purchase content via text message. One kind of malware tells an infected smartphone to either send a message to a premium number owned by criminals or to access premium online content that users seldom see. The criminals behind the phone number or content then request payment from the victim's mobile phone company, which usually pays right away.
Vikram Thakur, senior security response manager at Symantec, says some service providers send a message to confirm that customers want to accept charges for premium messages or content. However, he says, "the malware in that case will hijack the incoming SMS and prevent it from being seen by the end client."
This kind of mobile malware is designed to avoid detection and it often works. Although charges for the premium texts or content appear on the victim's next phone bill, it still could take months before anyone notices the crime. "If they take only $20 out of somebody's monthly phone bill, it's possible that they stay on that phone for six months," Thakur says.
Those small charges add up quickly for the criminals. In early 2012 Symantec discovered a botnet of hundreds of thousands of smartphones being charged for premium video content. The criminal behind it "was making well over a million dollars per year through that botnet, so we know the method actually works," Thakur told PM. In most cases users are stuck with the bill. Carriers have been known to waive those costs on occasion, but it's rare and depends on the carrier's policy.
Aggressive Advertising
Many free mobile applications include embedded advertising to help companies earn revenue, which usually poses no problem for the user. However, according to Con Mallon, senior director of mobile product management at Norton by Symantec, some applications come with adware that can be "fairly annoying and fairly aggressive."
These aggressive ads can generate notifications on a smartphone's notification bar, add bookmarks to mobile browsers, redirect users to a website every time the app is closed, or insert its own ads into other websites. Thakur told PM that his team has encountered a botnet that modified search-engine results to make certain sites appear near the top of the list. When unscrupulous companies pay for this kind of advertising, mobile adware becomes a lucrative business.
Spyware
Personal information is a valuable commodity on the Internet. Tech giants such as Google and Facebook know that, and tech-savvy criminals know it too. "There's a fairly active underground economy for trading personal information," Mallon told PM.
According to Kevin Haley, director of Symantec security response, the criminals behind mobile spyware can turn a profit by selling that spyware to users who want to spy on others. "It's most likely they want to monitor the communication and movements of someone they know," he says.
Marian Merritt, Norton's Internet safety advocate, says many smartphones contain data that criminals could use to design targeted attacks. "Information about where you go and who you see?it could have value," she warns. Ambitious criminals could learn where you work, whether your job gives you access to financial information or other data they could exploit, and whether you know others who might be similarly valuable targets. Using information from your smartphone's contact list, GPS, and other applications, they can then craft a personalized phishing attack to gain access to your office computer.
Protecting Yourself
There are some ways you can protect yourself from malware attacks.
Check your charges. Read your mobile bill carefully every month and contact your mobile service provider immediately about any charges you don't recognize.
Download defensively. Security experts agree that the overwhelming majority of mobile malware programs are Trojan horses. They sneak onto smartphones disguised as seemingly innocent or even useful applications.
For any mobile operating system, the official app store is usually the safest place to download new apps. Check reviews before you download an app; watch for complaints about excessive ads or other red flags. Be cautious about giving apps access to your smartphone's information and settings.
Fortify your phone. Consider installing antivirus and antitheft software on your mobile device (only Android devices support this kind of software, though; Apple says the combination of a secure app store and a strong phone to begin with prevents malware from ever getting onto its devices). Download software updates when prompted by your operating system or mobile network. At a minimum, make sure that your phone locks after a few minutes of idle time, and set a password or personal identification number to unlock it.
ides of march pi higgs boson reggie bush pope Chris Cline New Pope
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.