Computer News & Safety – Harry Waldron

December 23rd, 2012:

Android Security – SpamSoldier Botnet steals SMS premium services

For a safe mobile phone experience, users should be careful with every application they install (especially non-mainstream apps that promise free games or other services).

As botnets go, the Android SMS botnet was “an unsophisticated attack,” Andrew Conway, a security researcher with Cloudmark, wrote on the company blog Dec. 16. An SMS message offering free games or other scams tricks users into downloading a malicious app from a third-party app store onto their Android devices. Once installed, the app can send SMS spam messages to other users without the user’s permission or knowledge. Lookout Mobile Security has dubbed this family of malware SpamSoldier and noted that the malicious app takes steps to hide its stealthy activities. The icon is removed from launcher so the user doesn’t know the app is running, outgoing spam texts are not logged, and incoming SMS replies are intercepted so that the user “remains blissfully unaware,” said Lookout’s senior product manager Derek Halliday. “You better have an unlimited message plan or your phone bill may come as a bit of a shock,” Conway wrote on Cloudmark’s blog.

CAPTCHA – More difficult to read as malware agents grow in sophistication

To ensure that real people, rather than a malicious program, are using resources, CAPTCHA controls continue to become more complex and may even challenge users with math problems. This is to keep automated spam agents from joining email or forum groups. As the article notes, this also makes it harder for legitimate users to access these resources.

The CAPTCHA system was invented around 2000 by a team of researchers at Carnegie Mellon University in Pittsburgh. The team came up with the CAPTCHA acronym, which stands for “Completely Automated Public Turing Test to Tell Computers and Humans Apart.” (It’s not a perfect acronym.)   According to the Carnegie Mellon website, the first CAPTCHAs were developed for Yahoo to prevent automated programs from rapidly setting up free email accounts, which would in turn be used to pump out spam.

Then I was confronted with a “CAPTCHA” — one of those hard-to-read, squiggly collection of letters and numbers that ensure you’re a real person and not a “bot” trying to game the system.  “To tell you the truth, they are getting harder to read, even for me, but the ‘bots’ that leave spam on your site are getting better at recognizing the CAPTCHAs as well,” Lyons said.  “When we first started using them, a functional CAPTCHA just used a couple of funny fonts and some lines through the text to make it hard for machines to read. Then the bots got smarter, and [now] we are all struggling with reading the CAPTCHAs.”