McAfee's Avert Labs has identified what it calls a new kind of malware targeting mobile phone users through SMS, where consumers recieve a text messages attempting to get them to click a URL, which in turn dowloads a Trojan horse that allows hackers to control their handset and use it for malicious activities, such as denial of service attacks, installing keylogging software and stealing personal account information.

The antivirus company has dubbed this phenomena, reported by some mobile phone users, as SMiShing (for phishing via SMS). To McAfee, SMiShing is yet another example of how moble devices are becoming increasingly popular vehicles of mayhem and profit to perpetrators of malware, viruses and scams.

With SMiShing, consumers recieve SMS messages along these lines: "We're confirming you've signed up for our dating service. You will be charged $2/day unless you cancel your order at our Web site."

While some folks may recognize this as a scam right away, others might not. The unaware, fearful of incurring premium charges on their bill, click on the link and are prompted to download a program that turns out to be a Trojan.

McAfee warns that although this scamming method may soon become a real annoyance to end-users, it could prove a serious security threat to enterprisess "once hackers learn how to fully exploit SMiShing techniques," according to McAfee mobile threat researcher David Rayhawk, who wrote the Avert Labs blog entry on the subject.

Rayhawk points out, as many have done before, that IT cannot control human behavior, which would be the first line of defense against SMiShing. If an employee avoids clicking on a SMS message URL, then you won't have any SMiShing problems.

He adds, mobile users—the same can be said about many enterprises I think—have yet to learn to treat their mobile devices like laptops. That is, Rayhawk explained to PDAStreet, "The number one issue with smishing attacks - like any phishing attack - is to educate users into treating their smartphones with the same (or better) level of caution as they do with their traditional PCs."

Rayhawk concludes, "Enterprises would be wise to keep a close eye on this issue and think about policies for securing their mobile devices ahead of time, rather than playing catch up when it hits them, and begin to educate their employees about the potential risk now."