New Spam Campaign Exploits Mobile Phone Companies


A new spam campaign is exploiting several mobile phone companies to target users in Australia and Germany. The messages pretend to be MMS messages from popular carriers Telstra and Vodafone, and ask recipients to open the included attachment to read them.

If the recipients open the attachments, malware is installed, and when it’s installed it connects to a remote server and downloads even more malware. The malware takes over the computer, steals personal information, and most likely connects the infected computer to a botnet so it can pump out more malicious spam, and it’s specially configured and encrypted to avoid detection.

While right now the malware being distributed by this campaign is hard for anti-virus programs to pick up, I don’t see it being widely successful. Most people know if you get an MMS message it will show up on your phone just like a text message, not be emailed to you in an attachment. I have to say the chances of people falling for this one are low. It’s definitely imaginative though and not something seen before.

Malicious spam rose in popularity this year and it doesn’t look like that trend is going to change anytime soon. Spammers, perhaps due to the numerous botnet shutdowns of late, seem almost desperate to acquire new zombies. This may also be due to the fact that spammers have begun seeing the value in quantity over size and have started cultivating groups of small botnets rather than creating one huge one. Having small groups of botnets makes detection more difficult and recovery after shutdowns a lot easier.

What do you think of this campaign? Is it silly or ingenious?

Written by Sue Walsh


  1. Leona Price · December 19, 2012

    This news is very alarming. It feels like it won’t take long before these scammers are able to figure out how to bring their “business” in mobile phones. The problem is carriers are not ready to deal with them. They often think that these types of devices are less prone to any kind of attack. Well, this news eventually proved them wrong. I sincerely think it’s high time that carriers start to invest in more security tools and implement stronger measures before these scammers go into full blast and they become way harder to control. In fact, they may become uncontrollable then.

  2. Cassandra Sanders · December 20, 2012

    I might as well call this the beginning of the end of the world. Seriously, if this people get hold of mobile devices and replicate what they’ve been doing with our PCs, it wouldn’t be long before nothing is ever considered safe. Then we will all be in deep trouble, especially those who are into the BYOD policy. There’s also a huge chance that after spam, phishing (or whatever the mobile-related term people will come up with) becomes the norm. Surely, phishers will have a grand party considering the amount and kind of information they can get from mobile devices.

  3. Dick Gordon · January 2, 2013

    This only means one thing: mobile users should download anti-malware and other programs that can help curb IT threats stat. Otherwise, unsuspecting users are opening themselves to a useless phone or a theft to their identity. Cassandra is also right in saying that this is going to be something dangerous for companies that are opting for the BYOD policy, though the biggest threat for them still remains physically leaving their phone everywhere and have it picked up by someone with evil intentions. Or someone has stolen their phones and because there’s lack of any security measure they’re easily opened and the data used for illegal activities.

Leave A Reply