July 2, 2012 By Dancho Danchev

Cybercriminals launch managed SMS flooding services

Mobile devices are an inseparable part of the modern cybercrime ecosystem. From ATM skimmers with SMS notification to fake antivirus scanners for Android users, the growth of the mobile malware segment is pretty evident.

In this post I’ll profile a recently spamvertised managed SMS flooding service in the context of E-banking fraud, and explain exactly how cybercriminals are using the service to evade detection of their fraudulent transactions.

Screenshot of the SMS flooding advertisement:

The ad offers an SMS flooding service covering all countries. The prices? 500 SMSs cost 40 rubles ($1.21), 1000 SMSs cost 80 rubles ($2.43), and 10,000 SMSs cost 700 rubles ($21.29). The service offers a test with 50 SMSs, and reserves the right to offer services to users requesting more than 10,000 SMSs.

Although modern crimeware successfully undermines the effectiveness of two-factor authentication and SMS authorization, alongside crimeware variants modifying the actual balance of the affected victim, certain financial institutions offer SMS alerts to customers who inquire about the service. What exactly does the service do? It sends an SMS to the owner of the bank account every time money comes into or goes out of the account, depending on the user’s preferences. This way, if a customer becomes a victim of financial crime, they can immediately alert their bank to the fraudulent transactions.

Naturally, cybercriminals quickly adapted to the new service, and they can be pretty creative when it comes to bypassing this value-added feature. Their approaches range from professional social engineering attempts aiming to trick a financial institution into changing the default mobile number of the account owner to a mobile number located within the same country but operated by the cybercriminal (renting mobile phone numbers for committing cybercrime is available as a service), to launching a DoS (Denial of Service) attack against the mobile device of the account owner in an attempt to prevent him from successfully reading the SMS notification alerting him of the fraudulent transaction.

This is exactly what the SMS flooding service is all about. Besides launching random SMS flooding attacks at a particular number in an attempt to disrupt a competing firm’s mobile communications with its potential clients, just like DDoS attacks do, the service can also assist a cybercriminal who is about to transfer money out of a compromised account but wants to prevent its owner from receiving an SMS notification of the fraudulent transaction. By sending thousands of SMS messages at the exact time when the fraudulent transaction triggers an SMS notification, the cybercriminal increases the average time to successful detection of the account’s compromise, since the owner would miss the SMS notification sent from the bank while sorting through the thousands of SMS messages received.
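From the defender's side, the pattern described above (a bank alert landing in the middle of a message burst) can be surfaced automatically. The following is an added example, not code from the original post: it assumes an inbound message log of `(timestamp_seconds, sender, text)` tuples, a hypothetical trusted sender ID `MYBANK`, and constructed sample data.

```python
from collections import deque

def find_floods(messages, window=60, threshold=20):
    """Return merged (start, end) intervals in which more than `threshold`
    messages arrived within `window` seconds. `messages` must be time-sorted."""
    floods, recent = [], deque()
    for ts, _sender, _text in messages:
        recent.append(ts)
        while recent[0] < ts - window:       # drop messages outside the window
            recent.popleft()
        if len(recent) > threshold:
            if floods and recent[0] <= floods[-1][1]:
                floods[-1] = (floods[-1][0], ts)   # extend the ongoing flood
            else:
                floods.append((recent[0], ts))     # a new flood begins
    return floods

def buried_alerts(messages, trusted_senders, window=60, threshold=20):
    """Return messages from trusted senders that arrived during a flood,
    i.e. the alerts the account owner is most likely to overlook."""
    messages = sorted(messages)
    floods = find_floods(messages, window, threshold)
    return [m for m in messages
            if m[1] in trusted_senders
            and any(start <= m[0] <= end for start, end in floods)]

def sample_inbox():
    """Constructed sample log: normal traffic, then a 300-message burst
    with one bank alert arriving in the middle of it."""
    inbox = [(100, "MYBANK", "Deposit of 50.00 received"),
             (400, "+15550100", "lunch?")]
    inbox += [(1000 + i, f"+1555{i:04d}", "xxxx") for i in range(300)]
    inbox.append((1150, "MYBANK", "Transfer of 900.00 sent"))
    return inbox

if __name__ == "__main__":
    for ts, sender, text in buried_alerts(sample_inbox(), {"MYBANK"}):
        print(f"PRIORITY: {sender} at t={ts}: {text}")
```

A messaging client or carrier-side filter using this logic would pin the flagged alert above the burst instead of leaving it in arrival order.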

We predict that, just like MMS, Bluetooth and SMS spamming services, SMS flooding services will gain even more popularity in the long term as a way to help a cybercriminal hide a fraudulent transaction.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.
