Cyber attackers spread MERS-related smishing in Korea
Cyber attackers spread MERS-related smishing in Korea
  • By Monica Youn-soo Chung (
  • 승인 2015.06.14 08:23
  • 댓글 0
이 기사를 공유합니다

The state-run Korea Internet & Security Agency warned users against smishing messages related to Middle East respiratory syndrome coronavirus on Friday amid the growing fear of the virus in South Korea.

Smishing – a combination of SMS and Phishing – is a form of criminal activity using cell phone text messages to deliver the bait to induce people to divulge their personal information, including banking information. The hook in the text message is usually a website URL.

During the past week, the number of users infected by the malignant code has been fast increasing, according to analysts. Once the criminals gain the information via the infected smartphones, they seize contact numbers of other users within the phones and re-spread the malignant code, snowballing the problem.

“The public as well as MERS-related organizations should pay keen attention to the criminal activity,” said Korea Internet & Security Agency.

KISA said it took action by partnering with telecom operators – SKT, KT and LG Uplus – and security firms – AhnLab, Estsoft and Hauri – to share the malignant code and stop personal information from spreading.

“In a bid to prevent damage, users should not click URL in the suspicious messages and increasing safety setting to prevent the malignant app installation,” KISA’s official said, adding that, “Refrain from opening email from unidentified sources and upgrade the security of computers to the newest version.”

According to a security solution company Symantec which collected and analyzed the samples of malignant codes, the attached file is stated as “.exe” with a fil name “List of MERS hospital and patients.docx.exe.”

Symantec said, “During our analysis of the sample, we confirmed that it’s not a sophisticated threat. Instead, it’s a simple downloader that we detect as Trojan.Swort.”

“When Ebola virus was spread last year, attackers also took advantage of the virus for their cyber attack,” said Yoon Kwang-teak, chief of Symantec Korea’s product technology division, adding that, “More strong action should be taken to prevent the further cyber attack taking advantage of MERS.”

Some local media outlets reported that some of malignant codes are connected to Internet Protocol in North Korea. Korean Broadcasting System, the national broadcaster of South Korea, reported on Friday its security team found out that the malignant code attempted to communicate with North Korea’s Internet Protocol, raising a possibility that it may be spread by North Korea.

However, KISA said the code was created by one local security firm for training purpose and distributed to the trainees. The massive attack then started as it was uploaded on the globally popular website where security experts pay an attention to.

In a nation where a majority of population uses smartphones and Internet, related criminals have been always issues. According to the report published by a local security solution provider Trend Micro, Korea ranked the sixth as a nation where largest number of malignant code URL found in the world.

Also, according to the latest report released by Korea’s largest security firm AhnLab, around 2,700 smithing malignant code was found in the first quarters of this year in South Korea, up 31.4 percent from the same period of last year.

Among them, mobile wedding invitation accounted for 47.5 percent, followed by traffic violation tag (37.9 percent) and good delivery (13.5 percent).

By type, malignant code collecting banking information topped the list with 87.9 percent. Among them, “Bankun,” malignant code which replaced normal banking application into malignant app in a bid to get financial information, topped the list with 44 percent.

“In order to prevent smithing damage, refrain from clicking URL contained in text messages or social networking site, and regularly update mobile security program,” AhnLab’s official said.

KISA plans to develop technologies to re-track the cyber attack by 2017.

삭제한 댓글은 다시 복구할 수 없습니다.
그래도 삭제하시겠습니까?
댓글 0
계정을 선택하시면 로그인·계정인증을 통해
댓글을 남기실 수 있습니다.

  • Korea IT Times: Copyright(C) 2004, Korea IT Times. .Allrights reserved.
  • #1206, 36-4 Yeouido-dong, Yeongdeungpo-gu, Seoul, Korea(Postal Code 07331)
  • 서울특별시 영등포구 여의도동 36-4 (국제금융로8길 34) / 오륜빌딩 1206호
  • * Mobile News:
  • * Internet news:
  • * Editorial Div. 02-578-0434 / 010-2442-9446 * PR Global/AD: 82-2-578-0678.
  • * IT Times Canada: Willow St. Vancouver BC
  • 070-7008-0005
  • * Email: