Remember the old days of dialler Trojan horses?
Back when most of us didn’t have broadband at home, and connected to the internet via a modem, we saw a type of malware which could take advantage of the phone line plugged into the back of your PC and dial an expensive premium rate number.
In this way, criminal hackers could make money out of your infected computer – and you might not know anything about it until you received an expensive telephone bill.
Dialler Trojan horses went the way of the dinosaur as consumers turned their back on modem connections and adopted broadband en masse.
But, as F-Secure’s Mikko Hypponen explained today at the Virus Bulletin conference, the threat may have returned in a different form through the use of virtual premium rate numbers.
Earlier this year I described the Terdial Trojan horse, which was distributed posing as a Windows Mobile game called “3D Anti-terrorist action”, but appeared to make calls to Antarctica, the Dominican Republic, Somalia and Sao Tome and Principe without the owner’s permission.
So how did it make money for the hackers?
Well, it transpires that although the Trojan did make phone calls to numbers associated with various far-flung corners of the world, the calls never made it that far.
That’s because the phone numbers were what are known as virtual numbers. It’s perfectly possible to find telephone operators on the web who will rent you a premium phone number associated with, say, Antarctica, and pay you every time that a call is made.
Unlike other legitimate premium rate numbers (such as 1-900 in the USA), there is no regulation preventing abuse of the virtual numbers, and the ‘owner’ of the number gets paid instantly rather than having to wait 30 days.
And your call never actually gets as far as Antarctica or North Korea. It’s stopped in your own country, but you’re still billed as though you rang that faraway place.
The days of Trojan horses making money out of dial-up modem connections may be long gone, but here’s a model for money-making that mobile malware authors could certainly exploit.