'SMiShing' comes a smashing in 2007?

Forget phishing or vishing, there is a new vice in town and it is called "SMiShing".

According to McAfee, SMiShing or phishing using SMS (short message service), is expected to become more prevalent in the year ahead. The security vendor unveiled on Thursday its list of top 10 security threats forecast for 2007.

McAfee noted in a media statement that in August this year, a mass mailing worm with the ability to send SMS messages to mobile phones was discovered. By end-September, the security vendor had found four variants of the worm.

Cyber criminals have increasingly come up with new ways of phishing or stealing personal information such as credit card details or online banking user credentials. Phishing has also penetrated new mediums such as voice over IP, a technique commonly known as vishing.

McAfee warned that for-profit mobile malware will also increase in prevalence next year. Two Trojan horses programs were identified this year, which caused mobile users to unknowingly send SMS messages to premium rate service numbers.

Spyware targeted at mobile phones were also detected during the year, said McAfee. Some of the spyware tools monitored logs of calls and SMS messages, while others attempted to steal text messages by forwarding them to another phone. Tactics designed for mobile devices will also become more common in 2007, the security company said.

According to Joseph Telafici, vice president of McAfee's Avert Research, the mobile phone has "become an interesting platform in the last couple of years", and the amount of data being stored on these devices is increasing.

"Mobile malware development has been hindered for a while by the sheer variety of platforms, carriers, hardware, software applications…it's very difficult to develop a threat that would attack a set of phones broadly," Telafici told ZDNet Asia in an interview this week.

"But as we see things like standard Web browsers, Java virtual machines being installed on more devices, and as we see the market consolidating around Symbian, [Win Mobile] or [other] smartphone operating systems, a lot of that diversity is going away," he said.

Although much of the mobile malware today is still "fairly amateurish", Telafici noted that things are starting to change.

"There's been a number of high-profile attempts to steal the address book of famous people, which is more titillating than serious," he said. "But if you apply that same logic to the contents of the cell phone of your average finance person or vice president of a corporation, that's [a] pretty [big concern]."

"Here in Asia, you have such a high population density that when you start looking at Wi-Fi, Bluetooth and IR (infra-red) and other kinds of relatively short distance communication mechanisms--in a place where you have so many people so close together--the idea of proximity-based attacks is a lot more feasible from a technological standpoint than it is in other parts of the world," he added.

Telafici, however, acknowledged that there claims that mobile viruses were over-hyped. "I don't think we can really be sure--these are predictions," he said. "Clearly it's a platform where there's a lot of exploration going on… If the risk-reward ratio ever becomes right, then we'll certainly see more activity in this area."