http://www.techworld.com/security/news/index.cfm?newsID=108084 By Robert McMillan IDG news service 08 December 2008 Criminals are taking advantage of a bug in the Asterisk Internet telephony system that lets them pump out thousands of scam phone calls in an hour, the FBI has warned The FBI didn't say which versions of Asterisk were vulnerable to the bug, but it advised users to upgrade to the latest version of the software. Asterisk is an open-source product that lets users turn a Linux computer into a VoIP phone exchange. In so-called vishing attacks, scammers usually use a VoIP system to set up a phony call centre and then use phishing mails to trick victims into calling the center. Once there, they are prompted to give private information. But in the scam described by the FBI, they apparently are taking over legitimate Asterisk systems in order to directly dial victims. "Early versions of the Asterisk software are known to have a vulnerability," the FBI said in an advisory [1] posted on the Internet Crime Complaint Center. "The vulnerability can be exploited by cyber criminals to use the system as an auto dialer, generating thousands of vishing telephone calls to consumers within one hour." [1] http://www.ic3.gov/media/2008/081205-2.aspx [...] _______________________________________________ Help InfoSecNews.org with a donation! http://www.infosecnews.org/donate.htmlReceived on Tue Dec 09 2008 - 00:19:29 PST
This archive was generated by hypermail 2.2.0 : Tue Dec 09 2008 - 00:48:11 PST