CA has received reports of Win32/Bambo.CF being distributed via SMS text messages sent to mobile phones, enticing people to visit a malicious website. The messages may contain the following:
Thanks for subscribing to *****.com dating service. If you don’t unsubscribe you will be charged $2 per day.
The text message then directs the recipient to visit a website in order to unsubscribe from the service and avoid being charged. This website contains a fake dating service page, which entices users to enter their phone number, at which point it attempts to load an executable file called “unregister.exe“. The web page instructs users to click the “Run”
button on each warning page that Windows displays, to allow the program to execute. If the program is run, it installs the Win32/Bambo.CF trojan.
Please see below for examples of fake dating service pages displayed by the malicious website.
Anyone loading the webpage and following the instructions in the message will pick up the trojan, which CA has named Win32/Bambo.CF. The keylogger looks for passwords and other information which it sends via emails and perhaps through other means.
