New Russian DIY SMS flooder using ICQ’s SMS sending feature spotted in the wild

by Dancho Danchev

In order to emphasize the growing trend of cybercriminals abusing legitimate infrastructure for their malicious purposes, last week I profiled a DIY SMS flooder using Skype’s SMS-sending capability to launch a DoS (denial of service) attack against a user’s mobile device.

This week, I’ll continue providing factual evidence for the emergence of this trend by profiling yet another recently released DIY SMS flooder, this time abusing ICQ’s SMS-sending feature.

More details:

Screenshot of the advertised DIY ICQ SMS Flooder:

The DIY tool starts by requesting a list of compromised or automatically registered ICQ accounts and their associated passwords. It then requires a text message and a valid mobile phone number. Based on the author’s description of the tool, one ICQ account results in 5 SMS messages sent. What’s particularly interesting about this tool is that, just like the DIY SMS flooder abusing Skype’s SMS-sending capability, this one also doesn’t support the use of anonymization proxies, which can greatly contribute to the successful detection of multiple ICQ account log-ins from an identical IP.

The bad news? Users of the DIY SMS flooder are already asking the author to add SOCKS/proxy support, and the ability to randomize the message in an attempt to prevent internal filtering by ICQ’s Anti-Abuse team.
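A defender-side sketch of the detection discussed in the two paragraphs above, added here as an example and not taken from the original post or from ICQ: it flags source IPs and destination numbers shared by several distinct accounts inside a short window, so it does not depend on the message text. The event format, thresholds, function names and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (time, account, source IP, SMS destination).
SAMPLE_EVENTS = [
    (f"2024-01-01T10:0{i}:00", f"acct0{i}", "198.51.100.7", "+15550100")
    for i in range(1, 5)                      # four accounts, one IP, one target
] + [
    ("2024-01-01T10:05:00", "acct05", "198.51.100.99", "+15550100"),  # same target, other IP
    ("2024-01-01T10:02:00", "home1", "192.0.2.44", "+15550111"),      # shared NAT, 2 accounts
    ("2024-01-01T10:03:00", "home2", "192.0.2.44", "+15550122"),
    ("2024-01-01T14:00:00", "home3", "192.0.2.44", "+15550133"),      # hours later
]

def parse(events):
    """Convert timestamps and return events in chronological order."""
    return sorted((datetime.fromisoformat(t), acct, ip, dest)
                  for t, acct, ip, dest in events)

def find_clusters(events, key_index, window, min_accounts):
    """Return {key: accounts} for keys used by >= min_accounts distinct
    accounts inside one sliding time window. key_index 2 = IP, 3 = destination."""
    by_key = defaultdict(list)
    for ev in parse(events):
        by_key[ev[key_index]].append(ev)
    flagged = {}
    for key, evs in by_key.items():
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans <= `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            accounts = {e[1] for e in evs[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged.setdefault(key, set()).update(accounts)
    return flagged

def shared_source_ips(events, window=timedelta(minutes=10), min_accounts=3):
    """Many accounts logging in and sending from one IP (no proxy support)."""
    return find_clusters(events, 2, window, min_accounts)

def flooded_destinations(events, window=timedelta(minutes=10), min_accounts=3):
    """Many accounts sending to one number, regardless of IP or message text."""
    return find_clusters(events, 3, window, min_accounts)

if __name__ == "__main__":
    print("shared IPs:", shared_source_ips(SAMPLE_EVENTS))
    print("flooded numbers:", flooded_destinations(SAMPLE_EVENTS))
```

The thresholds are placeholders; a production rule would tune the window and account count against the normal rate of shared-NAT log-ins.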

Why would a cybercriminal want to launch a DoS (denial of service) attack against a user’s mobile device? On the majority of occasions, they would do so at just the right moment to prevent the user from receiving a legitimate SMS notification from their bank in the event there is a withdrawal from their bank account.

We’ll continue monitoring the development of the tool, and continue profiling related threats.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.





About the Author

Name: Dancho Danchev
Role: Retired ThreatBlog Member


Dancho Danchev is an internationally recognized security blogger, cybercrime researcher, and a public speaker. He’s been an active security blogger since 2006, maintaining a popular security blog, where he shares detailed analyses of tactics, techniques, and procedures (TTP) of malicious and fraudulent adversaries.

You can find out more about Dancho’s expertise and experience at his LinkedIn Profile, or at Wikipedia.

You can also follow him on Twitter, Google+ or Facebook.

