Tuesday, 24 September 2013

Return of SpamSoldier Spam Bot Threatens Android Community

Android Spam Bot
Is that an Android phone in your pocket, or are you just spewing thousands of spam text-messages? That question has become relevant again with a resurgence of the spam bot dubbed SpamSoldier. Researchers at AdaptiveMobile, a provider of network-level security protection, noticed heightened activity last week after a lull since late 2012. AdaptiveMobile's Cathal McDaid spelled out the danger for SecurityWatch.
Signs of Life
"I'm head of security practices," said McDaid, "and our responsibility is to monitor and detect security threats like this worldwide. We've been monitoring this one for a long time because it caused a lot of spam when it emerged last December." McDaid explained that even a couple of infected devices could send as many as 10,000 spam messages each day. "That's a huge impact on the mobile network," he said, "and huge bills for the victim."
"A few weeks ago," continued McDaid, "we saw some signs that somebody was trying to resurrect the code." Actual evidence of SpamSoldier's return came last week. "We're seeing propagation by email and SMS," said McDaid. "Over the weekend, some of the devices we're monitoring went active and tried to contact new Command and Control servers." In other words, it's baaaack!
Simple Propagation
The actual working of the bot is quite simple. It spews out spam messages like "Download the Newest version of Angry Birds for Android phones for free at hxxp://[MALICIOUS DOMAIN]gg.biz." Unwitting dupes who click the link may actually get the game installed. They also get a malicious bot that takes orders from the SpamSoldier Command and Control servers.
Periodically the C&C server will send a new spam message template and a list of target numbers. At that point the bot goes into action, and a new round of infection begins.
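A network-side heuristic for the behaviour described above, as an added example that is not from the article or from AdaptiveMobile: it collapses each message to a template by masking links and digits, then flags senders that push one link-bearing template to many distinct recipients. The record layout, the threshold, the function names and the sample data are constructed assumptions.

```python
import re
from collections import defaultdict

URL_RE = re.compile(r"(?:https?|hxxps?)://\S+", re.IGNORECASE)
DIGITS_RE = re.compile(r"\d+")

def to_template(text):
    """Collapse a message body to a template by masking links and digit runs."""
    masked = URL_RE.sub("<URL>", text.lower())
    masked = DIGITS_RE.sub("<N>", masked)
    return " ".join(masked.split())  # normalise whitespace

def flag_spam_senders(records, min_recipients=3):
    """Return {sender: (template, count)} for senders that pushed one
    link-bearing template to at least min_recipients distinct numbers.
    min_recipients=3 suits the tiny sample only (assumed threshold)."""
    fanout = defaultdict(set)  # (sender, template) -> distinct recipients
    for sender, recipient, text in records:
        template = to_template(text)
        if "<URL>" in template:
            fanout[(sender, template)].add(recipient)
    flagged = {}
    for (sender, template), recipients in fanout.items():
        count = len(recipients)
        if count >= min_recipients and count > flagged.get(sender, ("", 0))[1]:
            flagged[sender] = (template, count)
    return flagged

# Constructed sample records: (sender, recipient, message text).
LURE = "Download the newest version of Angry Birds for free at http://lure.example/"
SAMPLE = [
    ("+15550100", "+15550201", LURE + "a1"),
    ("+15550100", "+15550202", LURE + "b2"),
    ("+15550100", "+15550203", LURE + "c3"),
    ("+15550100", "+15550204", LURE + "d4"),
    ("+15550111", "+15550201", "Running 5 min late"),
    ("+15550111", "+15550202", "Running 5 min late"),
    ("+15550111", "+15550203", "Running 5 min late"),
    ("+15550122", "+15550201", "Photos are at https://photos.example/album/7"),
    ("+15550122", "+15550202", "Photos are at https://photos.example/album/7"),
]

if __name__ == "__main__":
    for sender, (template, count) in flag_spam_senders(SAMPLE).items():
        print(f"{sender}: {count} recipients <- {template}")
```

Masking the link before grouping matters because a per-recipient suffix on the URL would otherwise make every message look unique.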
The Good News
According to an AdaptiveMobile blog post about the revivified SpamSoldier, the new bot-herders aren't doing such a good job. The post states that "none of [the malicious APK files] was working due to the C&C server not being correctly set up" and goes on to say that "it seemed the spammers were struggling with repackaging the malware, and setting up the C&C server."
McDaid confirmed that the bot "can do more than what it's done so far. Right now it's just sending spam." He speculated that the bot-herders might work on monetization by driving traffic toward affiliate sites, or scam sites. But don't worry. "We're right there in the mobile operator's networks," said McDaid. "That's how we can block these types of spam and these types of messages before they get to the customers."
Not surprisingly, McDaid advised caution. "If someone is offering free games, don't trust them," he said. "Be suspicious. Only install apps from recognized sources. These apps are NOT on Google Play!" "We were happy to catch this at an early stage," concluded McDaid.
