Are you receiving SMS spam? According to the latest reports, millions of mobile users do.
The trend is largely driven by what Webroot is observing as an increase in underground market propositions offering managed SMS spamming services to new market entrants not interested in building and maintaining the spamming infrastructure on their own.
In this post, I’ll profile a recently advertised managed service offering SMS spamming capabilities to potential customers, discuss the latest innovations in this field, their impact to mobile security, and what are some of the key factors contributing to the growth of SMS spam.
More details:
The service is currently offering the following features to new market entrants into the area of mobile spam:
- Managed SMS spamming using the customer’s database of mobile numbers
- Managed SMS spamming using a specific mobile number range
- Managed SMS spamming based on a specific carrier
- Managed SMS Spamming based on a specific city
- Managed SMS Spamming based on a specific country
These unique features offer cybercriminals the ability to better tailor their market proposition to unaware customers, potentially exposing them to scams and mobile malware attacks.
What’s also available in the service proposition, is the ability to choose a custom text message, next to the option to spoof the number of the sender to any given number. Clearly, this has been introduced with the idea to prevent affected users from blocking SMS messages from a single number.
What about the price? For up to 10,000 SMS messages, the price is 0.34 rubles ($.01 USD) per SMS, from 10,000 to 35,000 messages, the price per SMS is 0.29 rubles( $.01 USD) per SMS, from 35,000 to 100,000 the price per SMS is 0.25 ($.01 USD) rubles, and for any orders above 100,000 SMS messages, the price is 0.20 rubles ( $.01 USD) per SMS.
Let’s review some of key factors contributing to the growth of SMS spam.
Sample screenshots of DIY (do-it-yourself) SMS spammers currently available for sale:
Key factors affecting the growth of SMS spamming:
- Managed SMS spamming services proliferating – Webroot is currently aware of several services offering managed SMS spam service, with that number increasing if we take into consideration the number of managed services advertised around cybercrime-friendly web forums, that don’t necessarily have a dedicated web site advertising their market propositions. Thanks to the increased demand for such services, mobile spammers are prone to continue supply new and diversified market propositions to new market entrants.
- DIY SMS spammers available for download – Another segment within the mobile spam market, is the overall availability of DIY (do-it-yourself) SMS spammers. For the time being, the majority of these only affect Russian and Eastern European carriers, and primarily take advantage of the carriers’ Mail2SMS feature. For instance, if enabled, the user can receive emails in the form of SMS messages, once a service, or an individual sends an email to the following address – mobile_number@sms_gateway_at_mobile_carrier.com Although for the time being, the majority of DIY SMS spam tools rely on the Mail2SMS feature, there are exceptions taking advantage of API keys issued by managed SMS spam providers allowing them easy access to a dedicated SMS gateway allowing them to send spoofed SMS messages internationally.
- Harvested databases of active mobile numbers per country, city, mobile carrier offered for sale – Taking into consideration the fact that the service profiled in this post offers the opportunity to send SMS spam messages on a per country, city, and mobile carrier basis, a logical question emerges. How did they manage to build their database of mobile numbers, and segment them so that marketing-savvy cybercriminals can abuse them at a later stage? Affected users often leave their mobile numbers in order to access content found in spam and phishing emails. By doing so, they allow cybercriminals the opportunity to collect, store and resell these numers at a later stage. The geolocation process takes place either automatically based on freely available information for a particular prefix, or manually, by having end users enter their city, country and carrier into the spammer’s database. Another popular technique that mobile spammers use is to collect mobile numbers from freely available free international SMS sending services, which secretly collect all the data that passes by their interface in an attempt to monetize the traffic by reselling the numbers to spammers at a later stage.
What are some of the latest innovations in the field of mobile SMS spam? Based on a comparative review of several managed SMS spamming providers, all of them are interested in vertically integrating by offering managed MMS spamming feature, next to managed Bluetooth spamming. As far as MMS spamming is concerned, not only does the feature offer interactivity for the spammers’ message, it also allows them to efficiently spamvertise malicious Java applications to millions of end and corporate users whose mobile number has been somehow exposed, and is now in the hands of mobile spammers.
Webroot predicts that we’ll soon witness a mass spamvertised MMS campaign containing mobile malware, including localized messages to the native language of the prospective recipients thanks to the availability of managed localization and proofreading services within the cybercrime ecosystem.
With these ‘turn-key’ cybercrime-friendly solutions freely available within the cybercrime ecosystem, we also predict an increase in SMS spam hitting end and corporate users across multiple market verticals.
If you’re one of the unlucky individuals that receives these spam messages, do NOT interact with them, even if they offer you the opportunity to unsubscribe. Much like email spam, unsubscribing will only end up confirming that your mobile number is valid.
You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.
It is very annoying for me to receive messages constantly sms in my cellular phone that I do not desire, and that you do not request at no time, it seems like you are no big deal, but being receiving messages that have nothing to do with us is annoying very, I hope that this sort of marketing disappears.
Do you have to pay?
I have recently been receiving texts saying I WON a free $1,000 Bestbuy Giftcard. Totally a scam! There was once a time I never received Text or phone calls from unkowns, but that is changing rapidly. Now I have to screen cell calls like I do on my landline.
AT&T will block any advertising texts. That means you can’t get you rcoupons, if you want them, but you also won’t get these spams. Of course, you’ll still get the ones from AT&T, but at least those are free! On our cut-rate plan, the others are not.
My plan is not free and has no way to block these advertisements. I did reply to several, thanking them for using my consultation services and asking them to please pay promptly when they receive the bill. Went from up to 20 per day (completely unsoloicited) to around 5 per month.
Haven’t replied to any lately, but suddenly getting advertising voicemails & calls, and my number (I got it last November) has been on the national do not call registry since I got this phone.
So annoying since it costs me $$!!
What people don’t understand is that being on the National Do Not Call list does you no good if you’ve shared your number with these companies or any of their subsidiaries. Increasingly, people are listing their cell phone numbers as their home phones when they fill out sweepstakes, request information on various topics, and other such things. Once you put down your phone number, you have established a relationship with that company and they do not have to abide by the fact that your number is on the National Do Not Call Registry.
Hello its really wonderful knowledgeable..Give more good things. we are providing these type of services Our support team is within UAE, we offer best prices structure, options for Volume based prices and as well as for monthly rent prices. If you want to know more about this services please click here
http://www.smsmarketinguae.com/