By Dancho Danchev
Have you ever received a blank call, and no one was on the other side of the line? What about a similar blank SMS received through your mobile carrier’s Mail2SMS gateway? There’s a high probability that it was a mobile spammer who’s automatically and efficiently verifying the validity of a recently harvested database of mobile numbers, with QA (Quality Assurance) in mind. These verified databases will be later on used as the foundation for a highly successful spam/scam/malicious software disseminating campaigns, thanks to the fact that the cybercriminals behind them will no longer be shooting into the dark. How do they do that? What kind of tools do they use?
Let’s find out by profiling a Russian DIY (do it yourself) software vendor, that’s been operating since 2011, and is currently offering a Session Initiation Protocol (SIP) based phone number verification tool, as well as USB-modem based phone number verification application.
Sample screenshot of the DIY mobile number verification tool:
The first version of the tool will basically take advantage of a single USB modem, and will automatically attempt to “blank call” a given list of phone numbers, successfully differentiating between a “free line”, “busy line” and “non-existent number” type of results. In order to speed up the process, the second version of the tool allows the use of multiple USB modems to achieve the same objective.
Sample screenshot of the second version of the DIY mobile number verification tool:
Sample screenshot of the log file of the DIY mobile number verification tool:
The tool is configured in such a way that every verification attempt costs virtually nothing to the spammer using it.
However, things have greatly changed over the last couple of years, largely thanks to the rise of SIP based communiations, allowing cybercriminals an easy access to much more efficient phone flood, or phone number verification options. Naturally, the vendor behind the original USB modem number verification tool, adapted to this emerging market trend, and is currently offering both, a SIP based phone ring flooding utility, as well as a SIP based mobile number verification tool.
Sample screenshot of the SIP based mobile number verification tool:
As you can see in the attached screenshot, the tool has already managed to verify 10 phone numbers, with 56 more pending verification. Let’s take a peek at the configuration settings.
Sample screenshot of the configuration settings for the DIY SIP based phone number verification tool:
The tool allows a potential spammer to manually set up the configuration for the server, or let the tool do the configuration for him, next to setting up intervals and multiple accounts at the SIP server.
Second screenshot of the configuration settings for the SIP based phone number verification tool:
We expect that mobile spammers will continue “innovating” with QA (Quality Assurance) in mind, and that it’s only a matter of time before we see a managed service doing exactly the same type of phone number verification practices.