Spammers Target Mobile Users with More Than 350,000 Unique SMS Spam Variants in 2012

  Spammers Target Mobile Users with More Than 350,000 Unique SMS Spam Variants
  in 2012

   SpamSoldier became the first Android botnet to be used to send SMS spam

               Blended messaging threats to continue into 2013

     Most common unsolicited spam offers free gift cards or iPads and PPI
                             compensation claims

Mobile World Congress 2013

Business Wire

BARCELONA -- February 25, 2013

Cloudmark, Inc., the global leader in messaging threat protection for
communication service providers, today unveiled new research demonstrating the
sophisticated and varied methods used by attackers to target mobile users.
Cloudmark’s comprehensive 2012 Messaging Threat Report revealed there were
more than 350,000 unique unsolicited mobile spam variants in 2012, with the
highest churn rate in December with more than 53,000 unique variants alone.

Spammers have favourite categories of attacks and frequently change individual
messages in order to try and evade detection, resulting in a large number of
variants. The report reveals that the most common unsolicited spam purported
to be gift card offerings (44%), iPhone and iPad free giveaways (11%) and, in
the UK in particular, Payment Protection Insurance (PPI) compensation (3%),
which appeared after legislators determined that refunds were due to loan
recipients who had been mis-sold the insurance.

The report findings are gathered through the Cloudmark-powered GSMA Spam
Reporting Service, launched at Mobile World Congress in 2012. Mobile users can
report their unsolicited spam by forwarding it to ‘7726’ spelling out SPAM on
their keyboard. Suspicious texts submitted to this service help Cloudmark
tackle spam on behalf of participating carriers, who receive comprehensive
reports with detailed information on spam content, senders and reporters,
which enables them to block numbers and reduce further spam.

Neil Cook, CTO at Cloudmark, said: “Global smartphone adoption rapidly
increased in 2012, with smartphone users passing the 1 billion mark and this
has consequentially resulted in a hike in mobile messaging spam. As opposed to
email, we often automatically trust that our SMS must come from someone we
know or have done business with and attackers are well aware of this wide
acceptance, using it to their advantage. Our research is highlighting the
growth of sophisticated mobile threats as new mobile technologies develop and
2013 will see a rise in this sophistication.”

The 2012 Messaging Threat Report identifies the top scam trends that will
continue in 2013, such as the first Android botnet to be used to send SMS spam
and the use of blended messaging threats to dupe mobile users.

SpamSoldier—Android Botnet Spreads SMS Spam

The SpamSoldier Android Botnet, initially seeded via SMS messages, purported
to offer free versions of popular mobile games. Unknown to users, the
downloaded game files contained both an initial loader program and a pirated
copy of the game. When mobile users ran the game, the loader program sent SMS
spam, deleted itself and installed the pirated game.

The sophistication of SpamSoldier was further highlighted as the loader
simultaneously added a filter to block incoming SMS messages, preventing the
user from being notified that they were spamming their contacts. During the
period when the spam was first detected in November to when it was taken down
in December, it is estimated that the spammer sent between five and ten
million SMS messages, resulting in several thousand mobile devices being
infected with the malware.

Blended Messaging Threats Bring New Level of Sophistication

Blended messaging threats also built momentum during 2012. These attacks used
a combination of email, SMS messaging, instant messaging conversations and
mining of social network relationships to send spam. With Affiliate Webcam
Spam, for example, spammers start by sending out a sequence of SMS messages
that to appear to be one half of an interactive conversation. Scammers then
coax the mobile user into ‘conversing’, by sending predetermined questions or
answers to the mobile user. From SMS, scammers then entice the user to
converse on other platforms such as instant messenger to ultimately lead them
to a webcam site which offers an affiliate program that pays $40 per sign up.

Free Offers Most Likely to Dupe Mobile Users

The 2012 Messaging Threat Report also identified the most popular method to
dupe mobile users is by offering items for free. ‘Receive a gift card’ and
having a ‘trial of an iPad or iPhone’ totaled more than 50 percent of the
volume of SMS spam.

This type of ‘giveaway’ spam often requires the mobile user to offer
privacy-compromising information via a survey and multiple click-throughs to
various sites to qualify for the free ‘gift.’ Spammers are able to extract the
user’s personal information to continue to push their scam campaign. Mobile
users can qualify to receive the gift but often the costs associated with
receiving the product outweigh the gift.

To avoid mobile users becoming victims of unsolicited SMS spam, Cloudmark is
offering five tips:

  *Mobile users are strongly encouraged to forward spam texts to their
    carrier via “7726” spelling out “SPAM” on the keypad
  *Do not text “STOP.” This response only works with text alerts that the
    recipient has legitimately signed up to, and has the reverse effect for
    spam texts – merely confirming that the number is live and encouraging the
    spammer to continue to target that phone
  *Only download mobile applications from reputable app stores and read the
    terms of service closely
  *Never respond to an SMS requesting login details or other personal details
    – particularly if it claims to be a bank or financial institution
  *Speak to your mobile operator to see if you can set up content filters on
    your mobile account so that premium rate texts cannot be charged and adult
    content displayed.

Notes to Editors

For the complete Cloudmark 2012 Messaging Threat Report, please visit:

About Cloudmark

Cloudmark builds messaging security software that protects communications
service provider networks and their subscribers against the widest range of
messaging threats. Only the Cloudmark Security Platform™ delivers instant
security and control across diverse messaging environments, enabling
communications service providers to create a safe user experience, protect
revenue and safeguard their brand, while streamlining infrastructure and
reducing operational costs. Cloudmark's patented solutions protect more than
120 tier-one customers worldwide, including AT&T, Verizon, Swisscom, Comcast,
Cox and NTT. For more information, please visit


Matt Grant, 415-946-3920
MSL London for Cloudmark
Deepika Bharadwa, +44 (0)20 7878 3142
Press spacebar to pause and continue. Press esc to stop.