SMS Spam and Mobile Messaging Attacks Introduction ... - GSMA
SMS Spam and Mobile Messaging Attacks Introduction ... - GSMA
SMS Spam and Mobile Messaging Attacks Introduction ... - GSMA
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>GSMA</strong> <strong>Spam</strong> Reporting Service<br />
<strong>SMS</strong> <strong>Spam</strong> <strong>and</strong> <strong>Mobile</strong> <strong>Messaging</strong> <strong>Attacks</strong> - <strong>Introduction</strong>, Trends <strong>and</strong> Examples<br />
January 2011<br />
4. VASP Abuse – Unsolicited messages sent to subscribers from services providers for<br />
marketing purposes. In many countries this is regulated <strong>and</strong> prosecutions against<br />
attackers have begun to increase.<br />
5. <strong>Mobile</strong> Malware including Bots spreading via messaging – Malware, short for malicious<br />
software, is software designed to infiltrate a mobile device without the owner’s<br />
informed consent. Typically this involves mobile messages sending links to <strong>and</strong> asking<br />
to download executables that are harmful <strong>and</strong> lead to application exploits. Three of the<br />
most common forms of malware include:<br />
- Virus: A malicious computer application that is able to reproduce itself. It can only infect a new host if it is<br />
distributed to the host through some means outside of the capability of the computer program.<br />
- Worm: Self-propagating malicious computer program. It uses some means to send copies of itself to other<br />
nodes on the network. A worm can spread <strong>and</strong> infect many hosts very quickly in a networked environment.<br />
- Trojan: A computer program that doesn’t replicate, but instead enables hackers un-authorized access into<br />
the infected host. Keystroke loggers are a severe form of a Trojan.<br />
Customers of Sant<strong>and</strong>er bank were recently targeted in an attack where PC botnets<br />
were used to harvest customers’ internet banking <strong>and</strong> mobile phone details which, in<br />
turn, were used to send a virus to their mobile phones. Once the phone was infected the<br />
attackers were able to authenticate internet payment instructions using the code sent to,<br />
<strong>and</strong> captured from, the mobile device, removing thous<strong>and</strong>s of dollars from customer<br />
accounts.<br />
6. Acceptable Use Policy Violations - Subscriber generated abuse in violation of acceptable<br />
use policy for type, content <strong>and</strong> volume. Subscriber groups could include users that are<br />
underage, part of a restricted corporate HR policy or data plan, or restricted due to time<br />
of day.<br />
E.g. Underage children accessing pornographic content, corporate users forwarding<br />
personal emails to colleagues wasting company time <strong>and</strong> money, or opening up<br />
pornographic content on their business accounts.