iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > News > Security News > McAfee Says Watch Out For SMiShing
Search:
[ news_security_news ]

McAfee Says Watch Out For SMiShing



David Utter
Staff Writer
2006-08-28

SecurityProNews: Insider Reports Insider Reports RSS Feed


The newest word in security is SMiShing, which McAfee's Avert Labs described as an emerging threat vector for mobile phone users.

SMiShing means "phishing via SMS" per the latest post at the McAfee Avert Labs blog. Victims receive a SMS message that claims their phone has been signed up for some sort of online service. To get out of this, the user is instructed to visit a website and cancel the order.

That is when the problems can begin for the unwary user, according to McAfee's David Rayhawk in the post:

Fearful of incurring premium rates on their cell phone bill, they visit the Web site highlighted in the message. Once they arrive at the URL, they are prompted to download a program which is actually a Trojan horse that turns the computer into a zombie, allowing it to be controlled by hackers. The computer then becomes part of a bot network, which can then be used to launch denial of service attacks, install keylogging software and steal personal account information and other malicious activities.
How much of a problem this might be is not yet known. Rayhawk observed that the complexity of bot activity makes it "challenging" to understand just how broad a scope botnet affect.

The bigger problem comes when cellphone owners, who number in the millions, receive and respond to one of this SMiShing attempts from a workplace computer. Depending on the level of security on the PC within the company's network, that malicious download could have zero impact to exposing every networked machine to the malware.

Now take The Fear one step further, and consider a scenario where the malware delivers a zero-day exploit to assault an unpatched flaw. It is not fun to even think about this one, and it is why Rayhawk suggests that enterprises start thinking about policies regarding mobile devices now, rather than after an exploit hits.

---
Tag:

Add to Del.icio.us | Digg | Yahoo! My Web | Furl

Get all the updates in RSS:




About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.

More news_security_news Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - $line) { echo $line ; } ?> All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds