14 Nov 2012
We all know the irritation of an incoming text disturbing our concentration, or worse still our sleep, only to find the sender is some ne'er-do-well offering us bogus credit lines or compensation for an accident we never had.
But who are these blighters that are bombarding our mobile phones with SMS spam? Ilona Murynets and her colleague Roger Piqueras Jover at AT&T's Security Research Center in New York, set about finding out, conducting a landmark study of SMS spam.
The pair compared the behaviour of more than 9,000 call detail records taken from accounts known to be spammers, and compared it with 17,000 legitimate accounts, examining call records between March 2011 and February 2012.
“To the best of our knowledge, this paper is the ﬁrst to analyse characteristics of fraudulent SMS spam traffice over a major cellular network,” they wrote in a research paper.
The researchers knew the spammers were likely to exhibit certain behaviours – not least sending out thousands more text messages than they received. Typically, spamming accounts were sending out thousands of SMS messages a day – two orders of magnitude greater than a typical user.
But similar patterns are created by some smart monitors, and other forms of machine-to-machine communication. Being able to distinguish between malicious spammers and M2M chatter is clearly important.
To help spot the spammers, the researchers examined where messages were sent and where they were received. That helps pick out the spammers, as they send messages all across the country, while M2M messages were restricted to a handful of locations – presumably local centres interested in getting the data.
This also threw up some eye-catching details. SMS spammers like to congregate, creating hot spots in Sacramento, Orange Country and Los Angeles in California, and in Miami Beach.
They also found that the vast majority (99.6 percent) of text spammers – as expected – use pre-paid mobiles, More surprisingly, they use just five different models of hardware to send the messages, typically common feature phones reflashed to be used as a cellular modem. On average, spammers kept their mobile accounts active for between seven and 11 days.
The researchers hope their work will help in the fight against the rising tide of mobile spam.
“The results presented in this paper are being used to design an advanced SMS spam detection system,” they wrote.
Their work is being presented at the Internet Measurement Conference 2012 in Boston on Friday.