AOH :: IS1966.HTM

Making a PBX 'botnet' out of Skype or Google Voice?

Making a PBX 'botnet' out of Skype or Google Voice?
Making a PBX 'botnet' out of Skype or Google Voice? 

By Robert McMillan
IDG News Service 
April 13, 2009

Flaws in popular Internet-based telephony systems could be exploited to 
create a network of hacked phone accounts, somewhat like the botnets 
that have been wreaking havoc with PCs for the past few years.

Researchers at Secure Science recently discovered ways to make 
unauthorized calls from both Skype and the new Google Voice 
communications systems, according to Lance James, the company's 

An attacker could gain access to accounts using techniques discovered by 
the researchers, then use a low-cost PBX (private branch exchange) 
program to make thousands of calls through those accounts.

The calls would be virtually untraceable, so attackers could set up 
automated messaging systems to try and steal sensitive information from 
victims, an attack known as vishing. The calls might be a recorded 
message asking the recipient to update their bank account details, for 

"If I steal a bunch of [Skype accounts], I can set up [a PBX] to 
round-robin all those numbers, and I can set up a virtual Skype botnet 
to make outbound calls. It would be hell on wheels for a phisher and it 
would be a hell of an attack for Skype," James said.


Best Selling Security Books and More! 

Site design & layout copyright © 1986-2015 CodeGods