It has long been seen as common sense to install antivirus software on home and business computers – companies usually spend thousands of dollars on safeguarding their networks. Hence, working on viruses for computing environments may not always end favorably for developers. The new trend being observed among malware threats is smartphone invasion. Smartphones are now being used as handheld computers and contain almost as much personal/work information as computers. SpamSoldier, an infection that functions through text messages, is the latest among smartphone security threats.
Washington State Attorney General’s Office has issued a warning against SpamSoldier, alerting users to its surreptitious methods. This software hides in a phone’s text messaging service and sends the user’s contacts a link for free download of an app or prize. This could be something like a $1000 Target gift card. Opening the link infects the phone and then spreads the text message to that user’s contacts and so on. Sometimes, the software will even allow a user to download a free game, so as to gain trust and continue its malicious activities in the background. The app receives instructions from a central server so it cannot be seen, changed or deleted remotely on any phone.
SpamSolider was first detected when users started noticing charges for these text messages on their monthly bills and getting questions from people that they has never really texted. The company that eventually discovered the virus believes that the spam messaging is just the foundation for a much graver attack. In the light of SpamSoldier and other malware growing common on phones, several AV companies now provide mobile security as an accessory to their traditional computer protection services.
Even if a user doesn’t have AV software on the phone, there are some practical ways of steering clear of threats like SpamSoldier. Firstly, never open a link from a text message, no matter how promising it seems. Download apps only from the vendor-prescribed app market, and not from unknown websites. When you get a text, do some behavioral policing before trusting it – does this person text you often? Does it seem like the kind of message this individual would forward? Check your monthly cellphone bill for suspicious charges that don’t directly reflect your intentional activity. Treat text messages like email, since they can serve the same purpose for spammers. Make use of block lists or personally warn contacts that spam you consistently.
