The Mobile Cybercriminal Underground Market in China
The availability of affordable mobile Internet access has changed the computing landscape everywhere. More and more people are using mobile devices both for work and for entertainment. China is no exception. According to a report published by the China Internet Network Information Center (CNNIC), 81% of Chinese Internet users went online using their mobile phone in 2013. The CNNIC also reported that China ended 2013 with 618 million Internet users and 500 million mobile Internet users.
This change in user behavior is affecting the cybercriminal underground. Cybercriminals are now more likely to target mobile users, with some “businesses” in the cybercrime underground economy that are specifically aimed at mobile users. One particular business that has found success inside China is sending SMS spam.
Just as email has been abused by spammers for many years, mobile users are now receiving large amounts of SMS spam as well. Like their email counterparts, SMS spam is used to advertise various products as well as lead users to malicious sites. Sending these messages is cheap, too: sending 100,00 messages can cost only about $450.
One way SMS spam is sent to these users is using a GSM modem. These modems are devices which, when attached via USB to a PC, can send out text messages to multiple users in a very small amount of time. The device is controlled using an application on the PC. Basic devices will have only one SIM card, but more advanced versions (also known as a GSM modem pool) will use multiple antennas and SIM slots to send SMS messages more quickly. A 16-slot GSM modem pool (like the device below) can send up to 9,600 text messages per hour. They are available for approximately $425 each.
Figure 1. A GSM modem with 16 SIM card slots
Other tools that can be used Internet short message gateways. These are devices provided by mobile carriers to allow service providers to send large numbers of text messages. Alternately, a “SMS server” can also be used; These use a software-defined radio (SDR) to impersonate a cellular base station; when phones connect to this “base station” they instead all receive SMS spam.
Sending spam is only the tip of the iceberg when it comes to these threats. My paper titled The Mobile Cybercriminal Underground Market in China examines similar products, as well as other items for sale in the Chinese cybercriminal underground. The paper offers an overview of some of the basic underground activities in the China mobile space, as well as some of the available products, services, and their respective prices.
Post from: Trendlabs Security Intelligence Blog – by Trend Micro
The Mobile Cybercriminal Underground Market in China
Read more: The Mobile Cybercriminal Underground Market in China