SMS True Date Service / Irreal Dating scam
Update: if you got the Irreal dating sms and are wondering about what to do: do nothing. The sms is garbage; ignore it and forget about it. Definitely don’t do what the website tells you. There is no mess to get out of. You are not going to be billed. Do not enter your phone number, and do not run that program. Generally, do not run any program coming off the internet unless you know what it is, know that it is useful to you, and are very sure it comes from somewhere trustworthy.
Update 2: They are using the name SMS True Date Service now. That makes sense: when the top result in a google search for your name identifies you as a scam, it’s time to change your name. :)
Most significant breaches of computer security are achieved by perfectly non-technical means, i.e. by tricking people, not computers. This is called social engineering, at least when the trick is to get someone to divulge their password by casual trustworthy-sounding conversation (”Hi, I’m Bill in tech support, haya doin’? I need your password real quick for this fix …”)
The key is to divert attention away from what’s really going on, disguising it as something else. The friendly, casual, innocent voice is one way to do that. Another way is to get people hurried and worried about some different (and fake) nuisance or danger. A friend of mine saw such an attempt tonight.
She got an SMS from a weird phone number like +2783 or such, welcoming her to Irreal Dating at www.irrealhost.com, and noting that her phone will be charged $2 per day “only.” Whoops!
Going to that site, sure enough, there is a form for signing up, with just a text field for a phone number, and a checkbox (already checked, for your convenience). “Somebody must have signed up my phone number,” you think! But there is also a way to unsubscribe. Phew! Hurry! All you have to do is enter your mobile number and click confirm to start … the program.
Oh.
The page helpfully describes what you must then do to start that crucial unsubscription program:
with a convenient blur to distract you from Microsoft’s warnings that you may be about to install spyware or trojans or other malicious software. Forget all that, just run it without thinking please!
And your computer gets infected with their trojan.
“Once you have finished you will be removed from our system and you will no longer be charged for anything.” Isn’t that a nice dangling carrot?
It’s a clever scheme. They probably obtain phone numbers by spidering the web for patterns like “Cell: XXX XXX XXXX”, perhaps with country-specific variants like “s. XXX XXXX” for *.is domains (for Iceland) … that particular one would turn up my friend’s phone number, for instance, since it appears in a used-books forum somewhere. Then they find a way to send this SMS to all of these phone numbers through open or misconfigured SMS gateways. Thousands of people are confused and in enough of a hurry to cancel their “subscriptions” that they don’t realize what it’s really about, and their computers end up infected.
Then our irreal friends use their trojan program to commandeer these thousands of computers as drones for spamming, or for distributed denial of service attacks, or for whatever anybody is willing to pay for.
It’s one way to make a living. And some of them get quite rich doing it.
An extra clever aspect of this scam is that people are used to filtering away or ignoring spam email … but are less suspicious of SMS. I wonder if we’re about to see a rise in SMS spam because of that.
Googling for “irrealhost” and “irreal dating” turns up nothing right now, so the trick (or at least this instantiation of it) must be brand new. Their hosting provider will probably shut them down soon, but not before they’ve gotten their little trojan onto plenty of computers. And their business churns on.
Sigh. With just a little more ingenuity and a little less moral fiber, I could have been a rich man …
June 14th, 2006 at 5:21 pm
Æ hvað ég hata sjálfan mig! I should have gone to this site before unsubscribing. I think my computer’s been infected, but the thing is, right after i unsubscribed, my antivirus program immediately cleaned the trojan that got in, and i did some full-time scan, and found no more viruses. Is my computer still infected? Coz it’s runing quite slower now, and there have been times when it got frozen. I hate viruses!
June 14th, 2006 at 6:22 pm
Why ónefnd? No need to be embarrassed; I’m sure you’re not alone. : )
Your computer may well still be infected. Any number of trojans may have been installed, so even if one was found and removed by your virus software, that’s not much of an assurance. You could try another virus package, and also run RootkitRevealer to see if it turns anything up. But even then you can’t be sure.
It’s also possible that there’s nothing there. Windows often does a fine job of slowing down and getting unstable by itself, without any help from viruses.
The only real way of knowing is by saving your data somewhere else, formatting your hard disk, setting up Windows from scratch, and fetching your data back. And hope none of your Word documents got infected … I believe that’s less common nowadays anyway.
That’s as sure as you can get, but that costs plenty of time and hair. (A common workaround is to make it somebody else’s time and hair, which tends to cost either money or a friendship.)
June 21st, 2006 at 4:22 am
Thanks for the article on this - I nearly ‘unsubscribed’, but when I saw the .exe file I decided to do a quick Google search before doing so. You’ve saved my system!
I hate viruses too, especially ones as insidious and angst-generating as this, even before it infects your system!
June 21st, 2006 at 10:19 am
Thanks, I google searched this and found the heads-up. I thought my baby might have logged onto something cos he’d just been playing with my phone when that sms turned up. The site looks very dodgy when the only thing you can do is unsubscribe… no login, no password or anything! How can we get’em?!!
June 21st, 2006 at 5:55 pm
Is everyone in Iceland getting spammed by this? I just got it delivered today and was very suspicious. Thankfully this article confirmed it. Thanks for the heads up.
June 21st, 2006 at 7:22 pm
Not everyone — I haven’t received it myself. But a lot of people have; it was covered on mbl.is today. Good to know I’ve helped someone!
June 21st, 2006 at 11:49 pm
I live in Iceland and got the Irreal SMS also this morning! I never put my phone number to their site to “unsubscribe” because from the phone company they confirmed as well that this is a spam.
June 22nd, 2006 at 7:23 pm
Heh, Im Icelandic too, I got this last night, quite irritating to know something would pop up like that, and even tell ya to run a program before getting out of the mess… well, it made me think about it. Thought about calling my phonecompany go get some idea of what was going on. Havent called yet though for some reason.
So this spreads further than just the local island?
June 22nd, 2006 at 9:10 pm
Just in case it’s not clear: don’t run the program. There is no mess to get out of.
You don’t need to call your phone company. (They almost certainly have nothing to tell you, and do not need any information from you to resolve this.)
All you need to do is ignore the sms and forget about it.
July 19th, 2006 at 6:09 pm
[...] SMS True Date Service / Irreal Dating scam fugato.net/2006/06/10/trojan-trickery/ [...]
October 31st, 2006 at 6:57 pm
[...] While the name is catchy, don’t be misled, it’s actually based on a real event. A number of SMS messages were sent out to users in Iceland and Australia telling them they would be charged $2 a day for membership on a dating website. Victims attempting to “unsubscribe” from the site and daily charge get their computers infected with a backdoor trojan. The South Australia Office of Consumer and Business Affairs (OCBA) even put out a warning to consumers about the scam. [...]
June 1st, 2007 at 11:13 pm
I’m Zaira, from Spain. I don’t know what are you talking about, but i would like to learn icelandic with people from iceland, and i see all of you are from iceland. could you agred me on your msn? Thank you very much. My msn is:
zaira.mm@hotmail.com
bye.