For the first time criminal hackers may have succeeded in creating a network of “zombie” cellphones, infected without the owners’ knowledge with software that can be used to send spam or carry out cyber attacks. Symantec says that a piece of software known as Sexy Space may be the first case.
A zombie computer (often shortened as zombie) is a computer attached to the Internet that has been compromised by a hacker, a computer virus, or a trojan horse. Generally, a compromised machine is only one of many in a botnet, and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies.
Sexy Space uses text messages reading “A very sexy girl, Try it now!” to jump between phones. The messages contains a link that, when clicked, asks the user to download software which, once installed, sends the same message to contacts stored in the phone.
Sexy Space communicates with a central server and can thus be controlled by the hackers who created it – the feature that gives conventional botnets their power. If the network of infected phones is seen to be responding to remote commands, it can be described as a true botnet. Symantec notes that, it is not yet clear how Sexy Space will use the connection to the central server.
Botnet is a jargon term for a collection of software robots, or bots, that run autonomously and automatically. The term is often associated with malicious software but it can also refer to the network of computers using distributed computing software. While botnets are often named after their malicious software name, there are typically multiple botnets in operation using the same malicious software families, but operated by different criminal entities.
Botnets are usually made up of infected personal computers and are used to make money from spam or extortion. Millions of machines worldwide are secretly running botnet software and it has been estimated that one in four US personal computers is part of a botnet.
Mobile botnets would pose entirely new security threats. For example, one could disable parts of the mobile phone network by flooding it with text messages. Infected devices could also be used to infiltrate computer networks.
In a demonstration last year, a team from Errata Security used an iPhone sent to a company to spy on its IT infrastructure. While it sat in the firm’s mailroom the phone sent back information about the local wireless systems and computers. A criminal hacker could use the same technique to break into a company’s internal computer network, Errata’s researchers claim. [via abcnews]