June 23, 2006 2:13 PM PDT

Zombie builders send out phone texts

Hackers are trying to lure people to a malicious Web site using cell phone text messages, a security company has warned.

The blended attack uses social engineering techniques in its attempt to trick people to the site, security vendor Websense said in an advisory. An SMS text message is sent to the targets' cell phones, thanking them for subscribing to a fictitious dating service. The message states that they will be automatically charged a fee of $2.00 per day via their phone bill, unless their subscription is cancelled online.

The same message has also been sent multiple times to the comments section of numerous bulletin boards, Websense said. The attack began on Thursday in the U.S. and was first detected by Sunbelt Software, a security software vendor, Websense said.

Once victims visit the purported dating site to unsubscribe, they are prompted to download a Trojan horse program. (A Trojan horse is malicious software that disguises itself as another kind of application.) The attackers provide instructions on how to bypass security warnings in Internet Explorer, Websense said.

After the Trojan horse--a variant of a program Websense calls "Dumador"--is installed, it turns the computer into a "zombie," allowing it to be remotely controlled by the hackers. The compromised machines then become part of a "bot" network, which can then be used to launch distributed denial-of-service attacks.

"This is definitely the first time we've seen this specific approach," said Ross Paul, a senior product development manager at Websense. "Basically, they're taking a social engineering attack vector with a lot of users."

Websense said it had been monitoring the attacks, but couldn't divulge the identity of those responsible or say whether it was collaborating with the authorities on the case.

"In general, these kinds of attack are perpetrated by organized rings of people. In some cases we know their nicknames, which we share with law enforcement. We regularly share information with the police, when that makes sense," Paul said.

Websense could not say how many users had been affected by the attack. Monitoring botnet activity is "very difficult" to do because of the crossborder nature of the networks, Paul said.

The Dumador Trojan allows hackers to use HTTP to control the bots and trigger them to upload information. Typically, the most popular method of bot control is through Internet Relay Chat (IRC).

Tom Espiner of ZDNet UK reported from London.

See more CNET content tagged:
Websense Inc., bot, attack, hacker, trojan horse

5 comments

Join the conversation!
Add your comment
Whew!
I got one, downloaded it, too, but it wouldn't work on my new Mac!
;)
Posted by GGGlen (491 comments )
Reply Link Flag
so your admitting
your stupid?

a stupid person who owns a mac but stupid none the less
Posted by volterwd (466 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.