Information Security News mailing list archives
Making a PBX 'botnet' out of Skype or Google Voice?
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 14 Apr 2009 02:15:12 -0500 (CDT)
http://www.macworld.com/article/139971/2009/04/pbxbotnet.html By Robert McMillan IDG News Service April 13, 2009 Flaws in popular Internet-based telephony systems could be exploited to create a network of hacked phone accounts, somewhat like the botnets that have been wreaking havoc with PCs for the past few years. Researchers at Secure Science recently discovered ways to make unauthorized calls from both Skype and the new Google Voice communications systems, according to Lance James, the company's cofounder. An attacker could gain access to accounts using techniques discovered by the researchers, then use a low-cost PBX (private branch exchange) program to make thousands of calls through those accounts. The calls would be virtually untraceable, so attackers could set up automated messaging systems to try and steal sensitive information from victims, an attack known as vishing. The calls might be a recorded message asking the recipient to update their bank account details, for example. "If I steal a bunch of [Skype accounts], I can set up [a PBX] to round-robin all those numbers, and I can set up a virtual Skype botnet to make outbound calls. It would be hell on wheels for a phisher and it would be a hell of an attack for Skype," James said. [...] _______________________________________________ Best Selling Security Books and More! http://www.shopinfosecnews.org/
Current thread:
- Making a PBX 'botnet' out of Skype or Google Voice? InfoSec News (Apr 14)