Posted by: David Harley | February 13, 2013

SMS(re-)Send

Another variant of the SMSSend Trojan flagged in Russia in December by Dr Web and Kaspersky has been flagged by Thomas Reed in Thomas’ Tech Corner.

Reed reports that:

The current incarnation that I have stumbled across no longer pretends to install VKMusic. Instead, it pretends to be an installer for something called History of Sochi…The installation process culminates in a request for the user to text a particular code to a cell phone number.

Whereas the version seen in December didn’t seem to have any impact outside Russia, it seems that this one may have the potential to spread its wings to:

Albania, Armenia, Belorussia, Brazil, Estonia, Germany, Kazakhstan, Kyrgyzstan, Latvia, Lithuania, Moldavia, Russia, Ukraine and Vietnam.

That doesn’t mean that it’s going to be found in all those countries, of course. On the other hand, it doesn’t mean it won’t spread beyond those regions, but I wouldn’t panic yet. In any case, it looks as if Apple has already taken action. A sample has been shared with AV vendors.

David Harley CITP FBCS CISSP
Mac Virus/Small Blue-Green World
ESET Senior Research Fellow

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: