AOH :: IS1457.HTM

Criminals using VoIP system for phone scam




Criminals using VoIP system for phone scam
Criminals using VoIP system for phone scam



http://www.techworld.com/security/news/index.cfm?newsID=108084 

By Robert McMillan
IDG news service
08 December 2008

Criminals are taking advantage of a bug in the Asterisk Internet 
telephony system that lets them pump out thousands of scam phone calls 
in an hour, the FBI has warned

The FBI didn't say which versions of Asterisk were vulnerable to the 
bug, but it advised users to upgrade to the latest version of the 
software. Asterisk is an open-source product that lets users turn a 
Linux computer into a VoIP phone exchange.

In so-called vishing attacks, scammers usually use a VoIP system to set 
up a phony call centre and then use phishing mails to trick victims into 
calling the center. Once there, they are prompted to give private 
information. But in the scam described by the FBI, they apparently are 
taking over legitimate Asterisk systems in order to directly dial 
victims.

"Early versions of the Asterisk software are known to have a 
vulnerability," the FBI said in an advisory [1] posted on the Internet 
Crime Complaint Center. "The vulnerability can be exploited by cyber 
criminals to use the system as an auto dialer, generating thousands of 
vishing telephone calls to consumers within one hour."

[1] http://www.ic3.gov/media/2008/081205-2.aspx 

[...]


_______________________________________________      
Help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html 

Site design & layout copyright © 1986-2014 CodeGods