In order to emphasize on the growing trend of cybercriminals abusing legitimate infrastructure for their malicious purposes, last week, I profiled a DIY SMS flooder using Skype’s SMS-sending capability to launch a DoS (denial of service attack) against a user’s mobile device.
This week, I’ll continue providing factual evidence for the emergence of this trend, by profiling yet another recently released DIY SMS flooder, this time abusing ICQ’s sms-sending feature.
More details:
Screenshot of the advertised DIY ICQ SMS Flooder:
The DIY tool starts by first requesting a list of compromised or automatically registered ICQ accounts, and their associated passwords. It then requires a text message and a valid mobile phone number. Based on the author’s description of the tool, one ICQ account results in 5 SMS messages sent. What’s particularly interesting about this tool is that, just like the DIY SMS Flooder abusing Skype’s SMS-sending capability, this one also doesn’t support the use of anonymization proxies, which can greatly contribute to a successful detection of multiple ICQ account log-ins through an identical IP.
The bad news? Users of the DIY SMS flooder are already requesting from the author to add Socks/Proxies support, and the ability to randomize the message in an attempt to prevent internal filtering on behalf of ICQ’s Anti-Abuse team.
Why would a cybercriminal want to launch a DoS (denial of service attack) against a user’s mobile device? On the majority of occasions, they would do so at just the right moment to prevent the user from receiving a legitimate SMS notification from their bank in the event there is a withdrawal from their banking account.
We’ll continue monitoring the development of the tool, and continue profiling related threats.
You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.