Interesting tidbit: I subscribe to the Messaging Newsemail newsletter. (I don’t actually remember signing up for it – buthey ho). I couldn’t find this replicated on their site so I am going toquote the interesting bits of the newsletter.
What caught by eye was the title ‘Cell Phone Users Experience Text Spam’. We’ve discussed this before with the most interesting incident being when one operator took legal action. Anyway back to the Messaging News newsletter, they said the following:
“Across the country this past weekend, many folks received a spammessage for the first time. While a common problem with email, theshear volume that...
In the words of the Ghost Busters, “We’ve got one…” We’ve got what?, I hear you ask. We now have an example of alleged SMS spam with some real statistics rather than the usual conjecture. We know SMS spam has been growing through the monitoring of such sites as Grumble Text [1] however we’ve never had true insight into the scale of a professional SMS spamming operation.
Well recently that changed - TelecomWeb broke the story [2] that,
“Verizon Wireless filed a lawsuit against Nev.-based I-VEST Global Corporation and various "John Does," alleging they sent unsolicited commercial electronic messages (wireless spam) to its customers.” and that “The lawsuit, filed in U.S. District Court in Trenton, N.J., alleges that, beginning in April, I-VEST attempted to send more than 12 million text messages to Verizon Wireless handsets, offering information about buying stocks or real estate. However, the carrier says spam filtering and network monitoring...
While speaking with an industry friend recently, he mentioned that he had received some spam. When viewed in plain text, the spam looked like this (the filename has been changed to save the compromised):
However, if you remove the executable from the URL, you get a directory listing:
So, from this we can see the machine had been compromised for two months prior to the malicious code being placed upon the site (one day before my friend received the message). However,...
I've always wondered why SMS/MMS isn't used more often for spam or other malicious activities (CommWarrior being one notable exception). After talking to people in the industry about this, (that is, the security industry with a cellular or mobile flavor) it became apparent that we all have numerous hypotheses that try to explain the lack of SMS/MMS spam or phishing attacks. Some of the ideas that I've heard over the years include: a) It costs money to send SMS/MMS messages, whereas to send e-mail it, for all intents and purposes, is free. b) Any spam originating from a single operator or third party SMS/MMS originator can easily be shut down. c) There is no need to complicate things as people still fall for e-mail phishing.
These opinions are certainly valid, but I think the tide may be turning, albeit on a very small scale. SMS is...
