Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - There is some SMiShing going on in the EU InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

There is some SMiShing going on in the EU

Published: 2009-03-27
Last Updated: 2009-03-27 06:53:02 UTC
by Mark Hofman (Version: 1)
0 comment(s)

 We've had a few reports so far where people receive an SMS which asks them to check out a particular URL, which predictably contains something extra.  

Currently the reports are from the UK and Germany.  

The text of the SMS is typically along these lines " Someone posted your full personal and banking information at insert-bad-url-here website you must remove it now".  The text does vary slightly in some of the samples seen.

The url typically has some badness in the form of a trojan.  This particular one, which Holger alerted us to (thanks), contained a trojan called Ambler.  

So keep an eye on your VoIP systems and some user education is probably also not a bad idea. 

Mark H 


Keywords: SMiShing
0 comment(s)
Diary Archives