SMS spam, how did you know I was looking to shop?

Update 21 July 07 - Welcome, spam-haters redirected from Google! I started realizing that people were finding this post through search engines when they got hit by the same piece of spam-laden text-message/SMS on their phones. Do share your stories and any solutions you have found in the comments below. Or if you just want to vent your hate for mobile spam scourges in general I’ll be monitoring the comment section of this post for, well.. spammers.

Allen@aerofire.c0m was spot on. He knew I was looking to buy W.indows V.ista and all software Adobe. When I got this text message, I visited the advertised site immediately. Checked out the prices, read their customer testimonials. Impressive business. I wasted no time and had ThreatSeeker label this site under “Potentially Unwanted Software”.

Take that, you spammer.

The aerofire.com address was obviously spoofed — aerofire.com looked like some sprinkler business, completely unrelated. And the WHOIS record for the sws00.com domain showed this very convincing record:

soft wen
        xiaowen
        No.2 chang'an road
        beijing Beijing 100001
        China
        tel: 86 010 2493049
        fax: 86 010 3240904
        234@34.com

I’m sure that the recent news about China now being the number 1 country for malware distribution has nothing to do with this. Probably just pure coincidence.

This entry was posted on Friday, July 20th, 2007 at 3:53 PM and is filed under retards. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Krystal

i would appreciate it if you would never ever send me a text message on my phone ever again!!!
http://jayliew.com Jay Liew

I have no idea who you are, and I certainly didn’t send you no text message.
Marty Fried

I just got one, too. 1st IM spam, except for free stuff from AT&T, my cellular provider. This kind of thing really makes me mad. I’m tempted to post their website on all the hacker newsgroups, and suggest DOS attacks or something (like I really could!).
http://www.daveliu.net David

Received the same thing just today, but under a different pseudonym: Conklin@kaber.net… file a complaint here – http://www.fcc.gov/cgb/complaints.html
http://jayliew.com Jay Liew

How on earth are you guys finding my blog in the first place? I find it interesting that people are suddenly posting comments on my rant on this ..

Anyway, David — great idea but these guys are (most probably) from outside of the US, so I seriously doubt the FTC is going to spend any resources going after small time scammers like this. No harm trying though.
Justine

I just got that exact same text message but with a different email address (chu@chriswalsh.net). I Google searched some stuff from the message and found this blog.

I got this freakin piece of spam 3 times so far and it’s driving me crazy. How’d you make it stop?
http://jayliew.com Jay Liew

Yeah, the are probably rotating email addresses from a list of spam victims .. so I don’t htink the chu at chriswalsh address guy (if it even exists) had anything to do with it.

I know it’s a pain in the ass, but an option is to call your carrier and see if they can blacklist for you, the number that is SMS’ing you. Or alternatively, tell them you got 3 SMS’s that are spam and tell them to take off the charge. They usually will.

I have a monthly SMS plan, and nowhere near my limit yet, so while this bothers me, it doesnt financially cost me yet.

Good luck!
Justine

Yeah, I have unlimited messaging, so not a financial problem. It’s just incredibly irritating. It’s stopped for now, so hopefully they’re done spamming my particular number.
Thanks.

P.S. Your phone is really nice. Is that the I607?
http://jayliew.com Jay Liew

Yup, it certainly is. The Samsung I607 is also known as Cingular’s BlackJack.

I only got this text message once, so I don’t know about your case — but do they all appear from the same number? If so, I’d try to see if there’s a way to blacklist a number from your cell phone. Also, I’d call your wireless provider and see if they can blacklist that number.

In fact, Cingular once told me that they don’t charge me unless I open the text message. So, if I receive it and delete it without reading it, I won’t get charged. So I was told.

:/

To be honest, my bigger concern is I hope that they don’t start figuring out how to infect my cell with malicious code. The I607 is running Windows Mobile 5, arguably not the most secure mobile operating system on the planet.
Justine

They’re not from a number, they’re from 505, 506, and 507. It’s just annoying and somewhat frightening that my cell number is a target of spam now. If it happens again, I’ll see what T-Mobile can do about it.
http://jayliew.com Jay Liew

Ah, that confirms my suspicion. They are smart enough to make themselves a moving target

I’m in the security business and I’m careful about providing my information online (or offline, for that matter). I’ve written a blog post for my company about why people really should be selfish about their personal information. You can read more about it here: http://www.websense.com/securitylabs/blog/blog.php?BlogID=111

Being ultra conservative in giving up any of my personal information, I am also puzzled over how they got my phone number. But the truth is, perhaps this attack is NOT TARGETED. Meaning, they just pick a valid area code, and then randomly send text messages to to every number from 000-0000 through 999-9999. Does that make sense?

But if that is the case, then it should make it easier for telco providers to pickup these “mass” text messages.
Justine

That makes total sense, I just hope that’s the case. Random number selection and not targeted. I guess I’ll have to be more careful.