Cloudmark’s 2012 Messaging Threat Report identified that spammers have favorite categories of attacks and frequently change individual messages in order to try and evade detection, resulting in a large number of variants. The report reveals that the most common unsolicited spam purported to be gift card offerings (44%), iPhone and iPad free giveaways (11%) and, in the UK in particular, Payment Protection Insurance (PPI) compensation (3%), which appeared after legislators determined that refunds were due to loan recipients who had been inappropriately sold the insurance.
“Global smartphone adoption rapidly increased in 2012, with smartphone users passing the 1 billion mark and this has consequentially resulted in a hike in mobile messaging spam,” said Neil Cook, CTO at Cloudmark. “As opposed to email, we often automatically trust that our SMS must come from someone we know or have done business with and attackers are well aware of this wide acceptance, using it to their advantage. Our research is highlighting the growth of sophisticated mobile threats as new mobile technologies develop and 2013 will see a rise in this sophistication.”
Top spam trends that will continue in 2013 include the first Android botnet to be used for sending SMS spam and the use of blended messaging threats to dupe mobile users.
The SpamSoldier Android Botnet initially seeded via SMS messages, and purported to offer free versions of popular mobile games. Unknown to users, the downloaded game files contained both an initial loader program and a pirated copy of the game. When mobile users ran the game, the loader program sent SMS spam, deleted itself and installed the pirated game.
The sophistication of SpamSoldier was further highlighted as the loader simultaneously added a filter to block incoming SMS messages, preventing the user from being notified that they were spamming their contacts. During the period when the spam was first detected in November to when it was taken down in December, it is estimated that the spammer sent between five and ten million SMS messages, resulting in several thousand mobile devices being infected with the malware.
Blended messaging threats also built momentum during 2012, the company said. These attacks used a combination of email, SMS messaging, instant messaging conversations and mining of social network relationships to send spam. With Affiliate Webcam Spam, for example, spammers start by sending out a sequence of SMS messages that appear to be one half of an interactive conversation. Scammers then coax the mobile user into ‘conversing’, by sending predetermined questions or answers to the mobile user. From SMS, scammers then entice the user to converse on other platforms such as instant messenger to ultimately lead them to a webcam site which offers an affiliate program that pays $40 per sign up.
The 2012 Messaging Threat Report also identified the most popular method to dupe mobile users is by offering items for free. ‘Receive a gift card’ and having a ‘trial of an iPad or iPhone’ totaled more than 50% of the volume of SMS spam.
“This type of giveaway spam often requires the mobile user to offer privacy-compromising information via a survey and multiple click-throughs to various sites to qualify for the free gift,” the Cloudmark study noted. “Spammers are able to extract the user’s personal information to continue to push their scam campaign. Mobile users can qualify to receive the gift but often the costs associated with receiving the product outweigh the gift.”