Phone phishing attack hits US

by admin June 23, 2006 at 10:18 pm

Criminals are trying a new approach to try to dupe people into downloading a Trojan horse program

Criminals have launched a blended attack which attempts to lure users to a malicious Web site via text message.

IT managers have been warned to alert their staff to the attack, which uses social engineering techniques to try to trick users to the phishing site, according to security vendor Websense.

Users are sent an SMS text message to their mobile phone, thanking them for subscribing to a fictitious dating service. The message states that they will be automatically charged a subscription fee of $2.00 per day, which will be added to their phone bill, until their subscription is cancelled at the online site.

The same message has also been spammed to the comments section of numerous bulletin boards.

Once victims visit the site to unsubscribe, they are prompted to download a Trojan horse program which is a variant of a program Websense calls “Dumador”. Once installed, the program turns the computer into a zombie, allowing it to be remotely controlled by the hackers.

Once machines have been compromised, they become part of a bot network, which can then be used to launch distributed denial of service attacks, install keylogging software and store account information.

Full story: ZDNet UK