Need a good reason not to connect to the public Web with your phone? Wonder where all that SMS spam is coming from? Keep reading.

Mobile phone spammers have recently released a new version of a well known phone number harvesting tool, whose main objective is to crawl the public Web and index mobile phone numbers, which will later be used for various malicious and fraudulent purposes.

More details:

Sample screenshot of the DIY phone number harvesting tool:

DIY_Phone_Harvesting_Tool_Russia_Ukraine

Second screenshot of the DIY phone number harvesting tool:

DIY_Phone_Harvesting_Tool_Russia_Ukraine_01

The second screenshot displays the results of the tool in the following order: unique number of the harvested phone number, the actual phone number, name of the owner, logo of the mobile operator, name of the mobile operator, date and country (in this case, Russia).

Third screenshot of the DIY phone harvesting tool:

DIY_Phone_Harvesting_Tool_Russia_Ukraine_02

The third screenshot offers a real-time perspective of the logging function of the application, including the actual processed URLs.

Fourth screenshot of the DIY phone number harvesting tool:

DIY_Phone_Harvesting_Tool_Russia_Ukraine_03

Users of the tool can choose which country they want to target. In this case, it’s either Russia or Ukraine which was introduced in the latest version of the tool.

Fifth screenshot of the DIY phone number harvesting tool:

DIY_Phone_Harvesting_Tool_Russia_Ukraine_04

Cybercriminals and spammers are not strangers to the concept of market segmentation. Just like true marketers, the developer of the tool has included the option to choose a specific region within the available countries, with the idea to assist in the inevitable malicious and fraudulent activity that will result from this phone number harvesting activity.

Key features of the tool include:

  • Automatic recognition of Russian and Ukrainian mobile phone providers
  • Indexing based on a region and city for both Russia and Ukraine
  • Multi-threaded software allowing up to 100 “indexing streams”
  • Option to collect “all numbers”, or numbers belonging to a particular mobile provider only

What can Russian, Ukrainian or international users in general do to prevent this form of abuse?

For starters, check whether the Web site that requires your phone number is actually listing it on the Web. Although the tool doesn’t have support for internal Web site — through login+password authorization — indexing, future versions are prone to include such a feature, so ensure that the Web site where you’re posting your phone number has some sort of protection against such automatic harvesting. Think beyond CAPTCHAs, as CAPTCHAs are virtually irrelevant to today’s modern cybercriminals. The truly paranoid can always get a second phone number, and use it exclusively on the Web.

We’ll continue monitoring the development of the tool, and post updates as soon as new versions get released.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

Blog Staff

About the Author

Blog Staff

The Webroot blog offers expert insights and analysis into the latest cybersecurity trends. Whether you’re a home or business user, we’re dedicated to giving you the awareness and knowledge needed to stay ahead of today’s cyber threats.

Share This