Promises of partners from heaven lead to a backdoor from hell

22 June 2006

Tens of thousands of SMS messages were sent to Icelandic mobile phone numbers yesterday containing the text below. Such messages have also been sent in large quantities to mobile phones in other countries, including the UK and Australia.

From: Thank you for subscribing to Irreal Dating Service. Your phone will be charged $2.00 per day until you unregister ONLINE at – Enjoy!

This website contains false instructions for unregistering from this bogus service. However, if these instructions are followed, the user's computer is infected with a new backdoor Trojan.

This type of SMS message does not itself cause any harm and should simply be deleted. However, users are warned not to visit any websites referred to in this or other similar messages and never to to run any unknown software on their computers. It is also important that users have effective and up-to-date antivirus software installed and running on their computers at all times.

This website attempts to trick users into downloading a backdoor Trojan that tries to steal confidential information including account numbers, usernames and passwords. It also allows for complete remote control by an attacker, including downloading and uploading of files and execution. The main purpose of the backdoor, however, is to make infected computers part of a bot-net used to send millions of illicite spam e-mail messages. This operation therefore involves not only SMS spamming and the deliberate spreading of malware, but also the final financial incentive of spam e-mail.

FRISK Software’s experts have been cooperating with international law enforcement agencies in their investigations into this large-scale operation and the individuals involved.

Commtouch® is a leading developer of anti virus software and anti spam filtering services. Commtouch's anti virus computer software, F-PROT Antivirus, is available for a number of operating systems such as Windows, Linux, BSD, Solaris, and AIX as well as the Microsoft Exchange groupware.

2014 © CYREN · Privacy Statement