Dumador Turns PCs to Zombies

Muwahahaha. Sorry, couldn’t resist. Hackers are trying to infect PCs by sending cell phone text messages to lure people to a malicious website.

“Thank you for subscribing to – Dating Service ! Your phone will be charged now $2.00 per day untill you unsubscribe online.”

Hackers are using more blended attacks in hopes of creating botnets of many computers that they can control to do such things as launch denial-of-service attacks, scan shopping carts, artificially inflate website earnings and more.

The blended attack uses social engineering techniques in its attempt to trick people into visiting the site, security vendor Websense said in an advisory. An SMS text message is sent to the targets’ cell phones, thanking them for subscribing to a fictitious dating service. The message states that they will be automatically charged a fee of $2.00 per day via their phone bill, unless their subscription is cancelled online.

The same message has also been sent multiple times to the comments section of numerous bulletin boards, Websense said. The attack began on Thursday in the U.S. and was first detected by Sunbelt Software, a security software vendor, Websense said. Source: Websense

Once victims visit the purported dating site to unsubscribe, they are prompted to download a Trojan horse program. (A Trojan horse is malicious software that disguises itself as another kind of application.) The attackers provide instructions on how to bypass security warnings in Internet Explorer, Websense said.

After the Trojan horse–a variant of a program Websense calls “Dumador”–is installed, it turns the computer into a “zombie,” allowing it to be remotely controlled by the hackers. The compromised machines then become part of a “bot” network, which can then be used to launch distributed denial-of-service attacks. Source News.com

Websense could not say how many users had fallen for the attack. Monitoring botnet activity is “very difficult” to do because of the cross-border nature of the networks.

The Dumador Trojan allows hackers to use HTTP to control the bots and trigger them to upload information. Typically, the most popular method of bot control is through Internet Relay Chat (IRC).