Have you ever received a blank call, and no one was on the other side of the line? What about a similar blank SMS received through your mobile carrier’s Mail2SMS gateway? There’s a high probability that it was a mobile spammer who’s automatically and efficiently verifying the validity of a recently harvested database of mobile numbers, with QA (Quality Assurance) in mind. These verified databases will be later on used as the foundation for a highly successful spam/scam/malicious software disseminating campaigns, thanks to the fact that the cybercriminals behind them will no longer be shooting into the dark. How do they do that? What kind of tools do they use?

Let’s find out by profiling a Russian DIY (do it yourself) software vendor, that’s been operating since 2011, and is currently offering a Session Initiation Protocol (SIP) based phone number verification tool, as well as USB-modem based phone number verification application.

More details:

Sample screenshot of the DIY mobile number verification tool:

Mobile_Spam_Number_Verification_USB_Modem

The first version of the tool will basically take advantage of a single USB modem, and will automatically attempt to “blank call” a given list of phone numbers, successfully differentiating between a “free line”, “busy line” and “non-existent number” type of results. In order to speed up the process, the second version of the tool allows the use of multiple USB modems to achieve the same objective.

Sample screenshot of the second version of the DIY mobile number verification tool:

Mobile_Spam_Number_Verification_USB_Modem_01

Sample screenshot of the log file of the DIY mobile number verification tool:

Mobile_Spam_Number_Verification_USB_Modem_02

The tool is configured in such a way that every verification attempt costs virtually nothing to the spammer using it.

However, things have greatly changed over the last couple of years, largely thanks to the rise of SIP based communiations, allowing cybercriminals an easy access to much more efficient phone flood, or phone number verification options. Naturally, the vendor behind the original USB modem number verification tool, adapted to this emerging market trend, and is currently offering both, a SIP based phone ring flooding utility, as well as a SIP based mobile number verification tool.

Sample screenshot of the SIP based mobile number verification tool:

Mobile_Spam_Number_Verification_USB_Modem_SIP

As you can see in the attached screenshot, the tool has already managed to verify 10 phone numbers, with 56 more pending verification. Let’s take a peek at the configuration settings.

Sample screenshot of the configuration settings for the DIY SIP based phone number verification tool:

Mobile_Spam_Number_Verification_USB_Modem_SIP_01

The tool allows a potential spammer to manually set up the configuration for the server, or let the tool do the configuration for him, next to setting up intervals and multiple accounts at the SIP server.

Second screenshot of the configuration settings for the SIP based phone number verification tool:

Mobile_Spam_Number_Verification_USB_Modem_SIP_02

We expect that mobile spammers will continue “innovating” with QA (Quality Assurance) in mind, and that it’s only a matter of time before we see a managed service doing exactly the same type of phone number verification practices.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

Blog Staff

About the Author

Blog Staff

The Webroot blog offers expert insights and analysis into the latest cybersecurity trends. Whether you’re a home or business user, we’re dedicated to giving you the awareness and knowledge needed to stay ahead of today’s cyber threats.

Share This