By Robert McMillan
IDG news service
08 December 2008
Criminals are taking advantage of a bug in the Asterisk Internet
telephony system that lets them pump out thousands of scam phone calls
in an hour, the FBI has warned
The FBI didn't say which versions of Asterisk were vulnerable to the
bug, but it advised users to upgrade to the latest version of the
software. Asterisk is an open-source product that lets users turn a
Linux computer into a VoIP phone exchange.
In so-called vishing attacks, scammers usually use a VoIP system to set
up a phony call centre and then use phishing mails to trick victims into
calling the center. Once there, they are prompted to give private
information. But in the scam described by the FBI, they apparently are
taking over legitimate Asterisk systems in order to directly dial
"Early versions of the Asterisk software are known to have a
vulnerability," the FBI said in an advisory  posted on the Internet
Crime Complaint Center. "The vulnerability can be exploited by cyber
criminals to use the system as an auto dialer, generating thousands of
vishing telephone calls to consumers within one hour."
Help InfoSecNews.org with a donation!