By Dancho Danchev
To emphasize the growing trend of cybercriminals abusing legitimate infrastructure for malicious purposes, last week I profiled a DIY SMS flooder that uses Skype’s SMS-sending capability to launch a DoS (denial of service) attack against a user’s mobile device.
This week, I’ll continue providing factual evidence for the emergence of this trend by profiling yet another recently released DIY SMS flooder, this time abusing ICQ’s SMS-sending feature.
Screenshot of the advertised DIY ICQ SMS Flooder:
The DIY tool starts by requesting a list of compromised or automatically registered ICQ accounts and their associated passwords. It then requires a text message and a valid mobile phone number. Based on the author’s description of the tool, each ICQ account results in 5 SMS messages being sent. What’s particularly interesting about this tool is that, just like the DIY SMS flooder abusing Skype’s SMS-sending capability, this one also doesn’t support anonymization proxies, which can greatly contribute to the successful detection of multiple ICQ account log-ins from an identical IP.
The bad news? Users of the DIY SMS flooder are already asking the author to add Socks/proxy support and the ability to randomize the message, in an attempt to prevent internal filtering by ICQ’s Anti-Abuse team.
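The detection opportunity described above, sketched as an added example (not code from ICQ, the tool or this post): it flags a source IP with log-ins from many distinct accounts in a short window and, independently of message text, a recipient number that receives SMS from many distinct accounts. The log format, field names, thresholds and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
MAX_ACCOUNTS_PER_IP = 3          # assumed threshold: distinct accounts per source IP
MAX_SENDERS_PER_NUMBER = 3       # assumed threshold: distinct accounts per recipient

def parse(line):
    """Assumed log format: '<ISO time> <LOGIN|SMS> <account> <src_ip> <recipient|->'."""
    ts, event, account, ip, recipient = line.split()
    return datetime.fromisoformat(ts), event, account, ip, recipient

def detect(lines):
    """Return (flagged_ips, flagged_numbers) using a sliding window per key."""
    seen = defaultdict(list)     # (kind, key) -> [(time, account), ...]
    flagged_ips, flagged_numbers = set(), set()
    for ts, event, account, ip, recipient in sorted(map(parse, lines)):
        if event == "LOGIN":
            key, limit, out = ("ip", ip), MAX_ACCOUNTS_PER_IP, flagged_ips
        elif event == "SMS":
            # Keyed on the recipient, not the text, so randomized messages still match.
            key, limit, out = ("num", recipient), MAX_SENDERS_PER_NUMBER, flagged_numbers
        else:
            continue
        # Drop entries that fell out of the window, then record the current one.
        seen[key] = [(t, a) for t, a in seen[key] if ts - t <= WINDOW] + [(ts, account)]
        if len({a for _, a in seen[key]}) > limit:
            out.add(key[1])
    return flagged_ips, flagged_numbers

def sample_log():
    """Constructed events: 5 accounts on one IP, 5 SMS each to one number, plus one normal user."""
    lines = []
    for i in range(5):
        acct = f"acct{i}"
        lines.append(f"2012-01-01T10:0{i}:00 LOGIN {acct} 203.0.113.7 -")
        for j in range(5):
            lines.append(f"2012-01-01T10:0{i}:{10 + j} SMS {acct} 203.0.113.7 +15555550100")
    lines.append("2012-01-01T10:02:00 LOGIN alice 198.51.100.4 -")
    lines.append("2012-01-01T10:02:30 SMS alice 198.51.100.4 +15555550199")
    return lines

if __name__ == "__main__":
    print(detect(sample_log()))
```

The recipient-side check does not depend on the source IP, so it keeps working if the log-ins are spread across proxies.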
Why would a cybercriminal want to launch a DoS (denial of service) attack against a user’s mobile device? In the majority of cases, they would do so at just the right moment to prevent the user from receiving a legitimate SMS notification from their bank in the event of a withdrawal from their bank account.
We’ll continue monitoring the development of the tool, and continue profiling related threats.