Saturday, September 02, 2006

BEWARE Of SMiShing Attacks On Cell Phones & PDAs

SMiShing is the newest form of cyber attack.

Like Phishing, from which it gets half its name (SMS + Phishing = SMiShing), SMishing attacks rely on social engineering.  They attempt to convince the unsuspecting user to do something that ultimately leads to the theft of personal information or financial fraud.

These attacks have already begun.  Users of cell phone services in Australia were recently sent an SMS message that told them to confirm a $2.00 p/day charge for an online dating service.  When alarmed users logged into the web site mentioned in the SMS message, the site attempted to infect their computers with a Trojan virus!

A new virus, VBS/Eliles has been identified by major anti-virus vendors.  In addition to its Trojan functions, the virus is designed to send SMS messages through cell phone service provider gateways.

The insidious part of this virus is that it actually offers the Cell Phone/PDA user with a free antivirus download for their device.  The software is allegedly from the recipients cell phone provider.  People who downloaded and installed the "antivirus" software on their phones were quick to discover that they had loaded malicious software instead!

Despite the other social malfunctions that plague Virus writers, they are good at sharing. Although SMiShing is new, the code to carry out this type of attack is already spreading on web sites and discussion forums used by would-be virus writers.  This means that we can expect to see more and more of these attacks in the near future.

eBay & PayPal Mobile Users @ Risk

Although no SMiShing attacks aimed at eBay or PayPal users have been documented, they will likely be future targets.  Both eBay Wireless and PayPal Mobile have mobile tools that make it convenient to manage auctions and pay vendors / sellers using a Cell Phone / PDA.  It won't take long for criminals to identify this pool of tempting mobile targets and start their attacks.

Users of newer converged devices are doubly at risk.  The current generation of cell phones like the Nokia 6265i, Motorola Razr (Razor) or LG Chocolate as well as PDAs like the Palm Treo 650 / 700 or HPs iPAQ running Windows Mobile Edition offer both SMS and Internet Web browsing and eMail, giving criminals multiple ways to target these devices.

Staying Safe

Start by following all the same rules that apply to other online communication tools like email and instant messaging;

  1. Never Open/Respond to messages from unknown sources.
  2. Verify the source/content of all unexpected messages.
  3. Don't send text messages in response to Ads for free ring tones, jokes, horoscopes, etc.
  4. Never provide any form of financial or personal information in response to an unsolicited message.

Companies like Norton and MacAffee, as well as freeware antivirus vendors are already developing new antivirus software for cell phone / PDA devices.  Versions of this have already been made available for PDA users.  Like the war that has raged over desktop computers for years, the war against portable devices will likely be just as brutal.

Tuesday, August 29, 2006

Google Office is not a solution. It is merely a set of virtual tools.

Google Office is not a solution. It is merely a set of virtual tools.

Can a small business afford to give up the high-level of functionality and integration offered by Microsoft Office? If you tell your controller they can no longer merge AR letters with Dynamics, the sales manager they can't analyze CRM data using MapPoint and HR/Payroll the time clock data will need to be re-keyed, what do you think they will say?

Google is NOT providing 'free' applications because they are a philanthropic organization. They have a plan to monetize any hosted application suite through advertising and mining the data for aggregate trend data. The first reason should be enough to keep any smart business person away. The second reason, in light of recent AOL privacy revelations, should be enough to make you run!

Today’s small businesses are looking for solutions that help them compete more effectively in local as well as global markets. They can not afford to be hobbled by inferior applications that offer little more than virtualized versions of non-integrated 1980’s-vintage shareware.

I look forward to the day when we can offer our clients hundreds; if not thousands of small business applications, designed to work together in a virtual cafeteria suite, with the same tight integration available in the networked Windows environment of today. Until then, we will continue to encourage companies that want virtual access to their systems to use solutions like
Terminal Services
and Go-To-My-PC, complimented with web-based collaboration tools like SharePoint and Groove