Last August, McAfee researcher David Rayhawk published a blog post in which he identified a new form of attack using SMS messages. It is definitely worth reading, since this form of attack is predicted to rise in 2007 as cell phones become increasingly used.
The criminal sends an SMS message to your cell phone. In this example, the message told the customer that they had been subscribed to a dating service at $2/day unless they cancelled their order by going to a website. The cell phone customer then panics, goes to their computer, logs on and goes to the website named in the SMS message. There, they are prompted to download a program containing a Trojan horse virus, which turns their computer into a zombie and thus part of a botnet.
Today, many enterprises use SMS internally. Now imagine a spear SMiShing attack that is targeted at your enterprise. The SMS message will be pertinent to your business and appear to come from a colleague. It will then direct you to a webpage where malicious code will be downloaded behind your firewall.
This is yet another reason to have multiple layers of security, using layered, strong identity authentication behind your firewall to contain the damage when a breach succeeds.
In a future blog post, I will cover possible vulnerabilities with BlackBerrys.