"Small SMiSh, Big Pond"

From McAfee blog:

"Just last month we received our first live example of SMiShing. This month we've received evidence that the author of VBS/Eliles.A has taken umbrage at the AV industry's naming conventions. Specifically rule #1: We never name malware after the author's suggested or intended name. This is to discourage people from writng new malware in order to gain notoriety.


The Eliles author, let's call him Eli, is not taking this sitting down. One of our contacts in Asia sent us a sample of Eli's latest attempt at fame, VBS/Eliles.B. Eli left some parts of his worm intact.

Like his first try, VBS/Eliles.B also:

• Hides Drives,disables Registry editing and generally makes removing it a pain.
• Tries to disable your antivirus software
• Sends itself via email to any address it can find
• Attempts a SMiShing attack against customers of two mobile phone companies based in Spain

VBS/Eliles.B additionally:

• Runs a script that types Eli's complaints on our naming and the occasional insult in the current window
• Tries to disable your firewall software

VBS/Eliles.B really brings nothing new to the table. Aside from the SMiShing routines, Eli hasn't created anything new. All the other routines appear to have been created with various ready-made malware toolkits."

[...]

"VBS/Eliles.A & B are not large threats. The disturbing part is that while the SMiShing routines are targeted locally to a specific country in Europe, VBS/Eliles.B has made it to another country in Asia.

VBS scripts are distributed as plain text. Within 2 minutes, using a text editor, a malware author can cut and paste a few strings to generate a new SMiShing attack. Fortunately, Eli is not following the for-profit trend of his more skilled colleagues. Unfortunately, it looks like SMiShing source code is now available to more malware writers.

Today's minor threat can become a component of tomorrow's devastating attack

"Phone-y Money"

From McAfee blog:

"For-profit malware has been increasing on the PC side for quite a few years now. Viruses that hold your files hostage, trojans that steal banking information and adware that floods your computer with popup ads. Malware writers have shifted their goals from gaining notoriety or personal satisfaction from the spread of their creations to the goal of filling their wallets.

Recently though, McAfee Avert Labs has begun to see a similar trend in mobile malware. Most of the mobile malware that we’ve run across has been relatively harmless trojan horses. A few files have been replaced, or the phone fails to start when reboot. A hard reset to clear the phone memory and you’re back to normal, minus your stored phone numbers and calendar information. You might have lost any time spent adding new software or saved documents, but at least none of your private information has been stolen. J2ME/Redbrowser changed the entire situation."

[...]

"Stealing money in real life ranges from corporate embezzling to the common mugging. Where Redbrowser falls somewhere in between the two, J2ME/Wesber is closer to a mugging."

[...]

"With the recent SMiShing incidents, the rise in for-profit mobile malware is definitely troubling."

Smishing? A real example -- VBS/Eliles.A

Smishing:

"This phenomena, which we at McAfee Avert Labs are dubbing “SMiShing” (phishing via SMS), is yet another indicator that cell phones and mobile devices are becoming increasingly used by perpetrators of malware, viruses and scams."

What's so special about VBS/Eliles.A?

"[...]it includes a routine to send Smishing messages to users of two Mobile Phone providers[...]"