February 7, 2013Dancho Danchev By Dancho Danchev

Mobile spammers release DIY phone number harvesting tool

Need a good reason not to connect to the public Web with your phone? Wonder where all that SMS spam is coming from? Keep reading.

Mobile phone spammers have recently released a new version of a well known phone number harvesting tool, whose main objective is to crawl the public Web and index mobile phone numbers, which will later be used for various malicious and fraudulent purposes.

More details:

Sample screenshot of the DIY phone number harvesting tool:

DIY_Phone_Harvesting_Tool_Russia_Ukraine

Second screenshot of the DIY phone number harvesting tool:

DIY_Phone_Harvesting_Tool_Russia_Ukraine_01

The second screenshot displays the results of the tool in the following order: unique number of the harvested phone number, the actual phone number, name of the owner, logo of the mobile operator, name of the mobile operator, date and country (in this case, Russia).

Third screenshot of the DIY phone harvesting tool:

DIY_Phone_Harvesting_Tool_Russia_Ukraine_02

The third screenshot offers a real-time perspective of the logging function of the application, including the actual processed URLs.

Fourth screenshot of the DIY phone number harvesting tool:

DIY_Phone_Harvesting_Tool_Russia_Ukraine_03

Users of the tool can choose which country they want to target. In this case, it’s either Russia or Ukraine which was introduced in the latest version of the tool.

Fifth screenshot of the DIY phone number harvesting tool:

DIY_Phone_Harvesting_Tool_Russia_Ukraine_04

Cybercriminals and spammers are not strangers to the concept of market segmentation. Just like true marketers, the developer of the tool has included the option to choose a specific region within the available countries, with the idea to assist in the inevitable malicious and fraudulent activity that will result from this phone number harvesting activity.

Key features of the tool include:

  • Automatic recognition of Russian and Ukrainian mobile phone providers
  • Indexing based on a region and city for both Russia and Ukraine
  • Multi-threaded software allowing up to 100 “indexing streams”
  • Option to collect “all numbers”, or numbers belonging to a particular mobile provider only

What can Russian, Ukrainian or international users in general do to prevent this form of abuse?

For starters, check whether the Web site that requires your phone number is actually listing it on the Web. Although the tool doesn’t have support for internal Web site — through login+password authorization — indexing, future versions are prone to include such a feature, so ensure that the Web site where you’re posting your phone number has some sort of protection against such automatic harvesting. Think beyond CAPTCHAs, as CAPTCHAs are virtually irrelevant to today’s modern cybercriminals. The truly paranoid can always get a second phone number, and use it exclusively on the Web.

We’ll continue monitoring the development of the tool, and post updates as soon as new versions get released.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

Share Button

14 Responses to Mobile spammers release DIY phone number harvesting tool

  1. Pingback: Mobile Phone Number Harvester Fuels SMS Spam « Cyber Security Aid Cyber Security Aid

  2. Pingback: Mobile Phone Number Harvester Fuels SMS Spam

  3. Pingback: Mobile spammers releases phone no harvesting tool | Technology news

  4. Pingback: Mobile Phone Number Harvester Fuels SMS Spam | infosec360

  5. Pingback: ste williams » Spammers unleash DIY phone number slurping web tool

  6. Pingback: Spammers unleash DIY phone number slurping web tool | Technophile

  7. Pingback: Phone Number Grabber Blows New Life in SMS Spammers | HOTforSecurity

  8. Pingback: How mobile spammers verify the validity of harvested phone numbers | Webroot Threat Blog - Internet Security Threat Updates from Around the World

  9. Pingback: Segmented Russian “spam leads” offered for sale | Webroot Threat Blog - Internet Security Threat Updates from Around the World

  10. Pingback: Mobile Phone Number Harvester Fuels SMS Spam | Threatpost

  11. Pingback: How mobile spammers verify the validity of harvested phone numbers – part two | Webroot Threat Blog - Internet Security Threat Updates from Around the World

  12. Pingback: DIY Russian mobile number harvesting tool spotted in the wild | Webroot Threat Blog - Internet Security Threat Updates from Around the World

  13. Pingback: Newly launched underground market service harvests mobile phone numbers on demand | Webroot Threat Blog - Internet Security Threat Updates from Around the World

  14. Pingback: Profiling for underground service harvests mobile phone numbers

Leave a Reply

Your email address will not be published. Required fields are marked *

true