Tasty Spam: IPhone/iMessage Spam Pushing Fake Designer Sites Aug 15, 2014 By Fahmida Y. RashidVia Flickr user Jerry Pank From: jrp Sent: Thursday, August 21, 2014 Subject: IMessage SPAM For those of you with iPhones, take note! securitywatch.pcmag/spam/326412-tasty-spam-imessage-spam-pushing-fake-designer-sites In July, the second most prolific form of mobile spam in the United States came from an unlikely source: Apples iMessage. It appears someone got ahold of many iCloud accounts and pushed out spam via iMessage peddling links to discount sale websites for several designer brands such as Oakley, Ray-Ban, and Michael Kors, said Tom Landesman, a security researcher at Cloudmark. Nearly two-thirds of the messages had links pointing to fake Oakley sites. These sites could be linked back to China-based domains. The iMessage app provides over-the-top messaging, which lets users bypass standard SMS and send text messages using data. Ostensibly an iOS app, iMessage can be used by any Apple device, including MacBooks and iMacs, to send messages for free. In this case, anyone with a lot of iCloud accounts at his or her disposal could cheaply send out spam using iMessage, Landesman said. iMessage Spam This iMessage spam accounted for 28 percent of all mobile messages reported in July and was the second most prolific form of mobile spam that month, Cloudmark found. The most prolific was the Win Free Stuff campaign weve discussed previously. Lists of iPhone Numbers The read recipients feature in iMessage notifies the sender the recipient has read the message, and also when. Spammers using iMessage, therefore, could use the feature to build out a massive list of valid phone numbers for iPhones, Cloudmark said. This list would be a hot sell on the underground market for other spammers (or malicious attackers) looking to explicitly target the iOS platform with 100 percent accuracy, Landesman said. Users can disable read receipts in iMessage by going into Settings on their iPhones or iPads. The slider to turn off Send Read Receipts is located under the Messages option. Using Hacked Accounts Up to 60 percent of the spam iMessage texts sent during May and June were sent by Apple IDs with Chinese domains. That changed in July, as nearly 62 percent were sent by Apple IDs with Hotmail email addresses, Cloudmark found. The attacker didnt mass register accounts, but was most likely using Apple ID or Hotmail accounts that had been compromised, Landesman said. Interestingly enough, the campaign was spread out across most major U.S. cities. and not localized to a specific city as is often the case with mobile spam. The spread of recipients was also proportionate to the citys population, which is to be expected given a set of random phone numbers, Landesman said.
Posted on: Mon, 25 Aug 2014 21:28:58 +0000
Trending Topics
Recently Viewed Topics
© 2015