From: InfoSec News (alertsinfosecnews.org)
Date: Tue Apr 14 2009 - 02:15:12 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.macworld.com/article/139971/2009/04/pbxbotnet.html

By Robert McMillan
IDG News Service
April 13, 2009

Flaws in popular Internet-based telephony systems could be exploited to
create a network of hacked phone accounts, somewhat like the botnets
that have been wreaking havoc with PCs for the past few years.

Researchers at Secure Science recently discovered ways to make
unauthorized calls from both Skype and the new Google Voice
communications systems, according to Lance James, the company's
cofounder.

An attacker could gain access to accounts using techniques discovered by
the researchers, then use a low-cost PBX (private branch exchange)
program to make thousands of calls through those accounts.

The calls would be virtually untraceable, so attackers could set up
automated messaging systems to try and steal sensitive information from
victims, an attack known as vishing. The calls might be a recorded
message asking the recipient to update their bank account details, for
example.

"If I steal a bunch of [Skype accounts], I can set up [a PBX] to
round-robin all those numbers, and I can set up a virtual Skype botnet
to make outbound calls. It would be hell on wheels for a phisher and it
would be a hell of an attack for Skype," James said.

[...]

_______________________________________________
Best Selling Security Books and More!
http://www.shopinfosecnews.org/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]