[ISN] Criminals using VoIP system for phone scam

From: InfoSec News <alerts_at_private>
Date: Tue, 9 Dec 2008 02:19:29 -0600 (CST)
http://www.techworld.com/security/news/index.cfm?newsID=108084

By Robert McMillan
IDG news service
08 December 2008

Criminals are taking advantage of a bug in the Asterisk Internet 
telephony system that lets them pump out thousands of scam phone calls 
in an hour, the FBI has warned

The FBI didn't say which versions of Asterisk were vulnerable to the 
bug, but it advised users to upgrade to the latest version of the 
software. Asterisk is an open-source product that lets users turn a 
Linux computer into a VoIP phone exchange.

In so-called vishing attacks, scammers usually use a VoIP system to set 
up a phony call centre and then use phishing mails to trick victims into 
calling the center. Once there, they are prompted to give private 
information. But in the scam described by the FBI, they apparently are 
taking over legitimate Asterisk systems in order to directly dial 
victims.

"Early versions of the Asterisk software are known to have a 
vulnerability," the FBI said in an advisory [1] posted on the Internet 
Crime Complaint Center. "The vulnerability can be exploited by cyber 
criminals to use the system as an auto dialer, generating thousands of 
vishing telephone calls to consumers within one hour."

[1] http://www.ic3.gov/media/2008/081205-2.aspx

[...]


_______________________________________________      
Help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html
Received on Tue Dec 09 2008 - 00:19:29 PST

This archive was generated by hypermail 2.2.0 : Tue Dec 09 2008 - 00:48:11 PST