Websense detects malicious attack via SMS

Bangalore, June 28 (UNI) Websense Security Labs have received reports of users being lured to install malicious code via Short Message Service (SMS) messages.

Victims receive an SMS on their mobile phone, thanking them for subscribing to a fictitious dating service. The message states that the subscription fee of two dollars per day would be automatically charged to their cell phone bill until their subscription was cancelled at the online site.

''Users who visit the site to unsubscribe from the service are prompted to download a Trojan bot. The site does not attempt to exploit any vulnerability, instead, the attacker provides instructions to bypass the internet explorer security warning prompt,'' a Websense statement said today.

Commenting on this trend, Websense Head (South East Asia and India) Surendra Singh said, ''We are seeing the next evolution of blended threats exploiting a new attack vector - SMS over a mobile phone.'' Mobiles are an attractive lure for criminals who want to exploit the huge user base, as it has become an essential part of our everyday lives, Mr Singh said.

UNI VK RG MQA/PV RS2011