Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

The SMS worm Selfmite is back, and its even nastier than before

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

October 10, 2014

Click here to order the best deal on a HP enterprise dedicated server and at a great price.

Watch out smartphone users-- the SMS worm Selfmite is back, and now it's even nastier than ever, and worse: it's now global.

The pesky worm, which first surfaced in June of this year and affects Android smartphones and tablets, has spawned a new version. Are you surprised? Why would you be?

The Selfmite-B virus infects many more users, uses several money-making techniques and is generally more dangerous and difficult to stop, warns mobile security firm Adaptive Mobile.

To be sure, AdaptiveMobile has tracked more than 150,000 messages sent over the past ten days from over one-hundred compromised devices found in sixteen countries. The latest version of the worm has generated 100 times more traffic than its older sibling, Selfmite-A.

AdaptiveMobile has tracked Selfmite-B in Canada, China, Costa Rica, Ghana, India, Iraq, Jamaica, Mexico, Morocco, Puerto Rico, Russia, Sudan, Syria, the U.S., Venezuela and Vietnam.

“This is the same old Selfmite worm but this time returning on strong steroids,” said Denis Maslennikov, the security analyst at AdaptiveMobile who discovered the latest version of the worm.

“It’s more aggressive and self-propagating capabilities simply means more victims will be caught in its wake. Additionally, it uses several links to engage with users, increasing its monetization potential at the same time. This additional level of complexity makes Selfmite-B a real concern for both wireless carriers and users.”

Users get infected if they download and install malicious APK files from URLs contained in text messages spammed out by already compromised devices.

Once installed, Selfmite-B sends messages to all of the contacts in a user’s phone in a loop, which means that potential victims will continue to receive messages until the mobile carrier detects and blocks these messages or the owner deletes the malware.

The cybercrooks behind the scam have come up with multiple ways to make money, mostly through dodgy affiliate programs.

Users are either directed to an application in Google Play after clicking on the installed worm icon, or they click on other icons that Selfmite-B has placed on their desktops and are therefore redirected to unsolicited subscription websites.

The virus also varies content according to IP addresses, so that users in different countries will be redirected to different websites.

The URLs most immediately associated with the spread of the worm have been consigned into oblivion but this does not necessarily mean that the current outbreak is wholly contained.

"We notified Go Daddy about the malicious x.co URLs and at the moment both shortened URLs have been deactivated," AdaptiveMobile said. "But the fact that the author (s) of the worm can change it remotely using a configuration file makes it harder to stop the whole infection process."

A blog post by Adaptive Mobile - including screenshots of a code snippets - gives a more in-depth look at the malware and the damage it can inflict.

Source: Adaptive Mobile.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!


Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer