Saturday, July 27, 2013

gldd.me - Text Message Scam

Recently I received a text message from an unknown number (18324646571), saying it was from a friend of mine and that I should click a link. The link alone is a dead giveaway that I should be concerned. I decided to trace the request path to see how the link resolved and what would be waiting on the other end. This meant I would have to see where the link took me (this was done in a controlled environment to prevent against possible viruses and trojans). I watched as the domain resolve against several other servers and eventually ended up at the glide.me homepage.

Some people online have said this is a virus, but the truth is, that's wrong. This is a simple (and exploited) marketing tactic someone is trying to use to make some money. Basically here is what is happening.

A company obtained names and numbers with the knowledge of who has who as contacts. This could be obtained using a virus or trojan but some people have stated that it was stolen from mobile carriers (which I think is more likely). The company connects to a advertising network as a publisher (someone who sends out spam, advertisements, or displays advertisements on their website). They assigned each person a unique code to track which users click and to control the tracking data associated with the click.

If you click your link it resolves against a page that converts this code into tracking data, like this.

http://launch1.co/serve?action=click&publisher_id=20320&site_id=20708&offer_id=251638&site_id_ios=16660&site_id_android=20712&sub_campaign=sms_invite

The people publishing this link are going to get a kick back from glide.me for all traffic that is referred there. And probably even more if the person downloads their software. Looking at the link, you can see that they  track the site that sent it out, the offer/advertisement (i.e. "Hey buddy, check out this link! - Your friend"), the mobile sites connected, and how the user interacted with the offer (SMS).

Well this isn't a virus or a scam necessarily, it is spam and an exploitation of user data. Basically this is the text message version of junk mail.

3 comments:

Nick Norgaard said...

sucks. i got the same thing. (the number i got it from has an area code to Orlando.) Apparently the company who made glide.me used the spam method you described to become a viral app. And they've been outed on that since, so they've announced that they're done doing it. Yet I just got the message. So they're liars.
And spammers.

Jarrin Clark said...

I got this directly from my friends number...in our message feed and everything...

Michael Clark said...

Seems this gets sent out via piggy-back on the last persons contact list, much the same way malware or a trojan virus gets sent out. Although the company (glide.me) states it's free to use. What personal data are they getting access to for those who do download their app?

Post a Comment

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | Bluehost Review