New Russian DIY SMS flooder using ICQ’s SMS sending feature spotted in the wild


By Dancho Danchev

To emphasize the growing trend of cybercriminals abusing legitimate infrastructure for their malicious purposes, last week I profiled a DIY SMS flooder using Skype’s SMS-sending capability to launch a denial of service (DoS) attack against a user’s mobile device.

This week, I’ll continue providing factual evidence for the emergence of this trend by profiling yet another recently released DIY SMS flooder, this time abusing ICQ’s SMS-sending feature.

More details:

Screenshot of the advertised DIY ICQ SMS Flooder:

The DIY tool starts by requesting a list of compromised or automatically registered ICQ accounts and their associated passwords. It then requires a text message and a valid mobile phone number. Based on the author’s description of the tool, one ICQ account results in 5 SMS messages sent. What’s particularly interesting about this tool is that, just like the DIY SMS flooder abusing Skype’s SMS-sending capability, this one also doesn’t support the use of anonymization proxies, an omission that can greatly contribute to the successful detection of multiple ICQ account log-ins from an identical IP.

The bad news? Users of the DIY SMS flooder are already asking the author to add SOCKS/proxy support and the ability to randomize the message, in an attempt to evade internal filtering by ICQ’s Anti-Abuse team.
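The detection opportunity described above can be sketched from the defender's side. The following is an added example, not code from the original post or from ICQ: it flags a source IP that logs in to many distinct accounts within a short window, and also a destination number that receives SMS from many distinct accounts, a signal that does not depend on the source IP or on the message text. The log format, field names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, not real data. Assumed line format:
# timestamp event account source_ip destination_number
SAMPLE_LOG = """\
2024-01-01T10:00:00 login acct01 198.51.100.7 -
2024-01-01T10:00:05 sms acct01 198.51.100.7 +15555550100
2024-01-01T10:00:40 login acct02 198.51.100.7 -
2024-01-01T10:00:45 sms acct02 198.51.100.7 +15555550100
2024-01-01T10:01:20 login acct03 198.51.100.7 -
2024-01-01T10:01:25 sms acct03 198.51.100.7 +15555550100
2024-01-01T10:02:00 login acct04 203.0.113.9 -
2024-01-01T10:02:05 sms acct04 203.0.113.9 +15555550100
2024-01-01T10:03:00 login alice 192.0.2.44 -
2024-01-01T10:03:10 sms alice 192.0.2.44 +15555550199
2024-01-01T10:30:00 login alice 192.0.2.44 -
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
MIN_ACCOUNTS = 3                # assumed alert threshold


def detect(lines, window=WINDOW, min_accounts=MIN_ACCOUNTS):
    """Map (key_type, value) -> peak distinct accounts seen within the window."""
    recent = defaultdict(deque)  # key -> (timestamp, account), oldest first
    flagged = {}
    for line in lines:  # events are assumed to be in time order
        if not line.strip():
            continue
        ts, event, account, src_ip, dest = line.split()
        ts = datetime.fromisoformat(ts)
        if event == "login":
            key = ("src_ip", src_ip)      # many accounts, one address
        elif event == "sms":
            key = ("dest_number", dest)   # many accounts, one destination
        else:
            continue
        seen = recent[key]
        seen.append((ts, account))
        while ts - seen[0][0] > window:   # drop events older than the window
            seen.popleft()
        distinct = len({acct for _, acct in seen})
        if distinct >= min_accounts:
            flagged[key] = max(flagged.get(key, 0), distinct)
    return flagged


if __name__ == "__main__":
    for (kind, value), count in detect(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {kind}={value}: {count} distinct accounts within {WINDOW}")
```

On the constructed sample, the shared source address is flagged with 3 accounts, while the destination number is flagged with 4 because one sender used a different address.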

Why would a cybercriminal want to launch a denial of service (DoS) attack against a user’s mobile device? On the majority of occasions, they would do so at just the right moment to prevent the user from receiving a legitimate SMS notification from their bank in the event of a withdrawal from their bank account.

We’ll continue monitoring the development of the tool, and continue profiling related threats.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.
