http://www.macworld.com/article/139971/2009/04/pbxbotnet.html By Robert McMillan IDG News Service April 13, 2009 Flaws in popular Internet-based telephony systems could be exploited to create a network of hacked phone accounts, somewhat like the botnets that have been wreaking havoc with PCs for the past few years. Researchers at Secure Science recently discovered ways to make unauthorized calls from both Skype and the new Google Voice communications systems, according to Lance James, the company's cofounder. An attacker could gain access to accounts using techniques discovered by the researchers, then use a low-cost PBX (private branch exchange) program to make thousands of calls through those accounts. The calls would be virtually untraceable, so attackers could set up automated messaging systems to try and steal sensitive information from victims, an attack known as vishing. The calls might be a recorded message asking the recipient to update their bank account details, for example. "If I steal a bunch of [Skype accounts], I can set up [a PBX] to round-robin all those numbers, and I can set up a virtual Skype botnet to make outbound calls. It would be hell on wheels for a phisher and it would be a hell of an attack for Skype," James said. [...] _______________________________________________ Best Selling Security Books and More! http://www.shopinfosecnews.org/Received on Tue Apr 14 2009 - 00:15:12 PDT
This archive was generated by hypermail 2.2.0 : Tue Apr 14 2009 - 00:26:56 PDT