
How cybercrime uses a compromised Skype account

Pierluigi Paganini April 10, 2013

In various articles I have written about the wide diffusion of botnets and the ability of malicious agents to use social media platforms and popular applications as a channel for spreading.

The diffusion and management of a botnet architecture has never been so easy; the underground offer covers every need and provides advanced customization services.

Security expert Dancho Danchev has recently reported that the diffusion of malicious structures is increasing and that the proceeds related to their use, such as accounting data stolen on a mass scale, are considered a commodity offered by virtually all participants in the cybercrime ecosystem.

Every day users access their email, run all kinds of applications on different platforms, and communicate using the most popular chat and VoIP services. In most cases they do all this while ignoring security fundamentals, and criminals know it.

We all know what happens when a user’s email account is hacked or his social network profile is compromised, but do you really know what could happen if hackers gain access to your Skype account?

Danchev proposed various hypotheses, such as:

  • Use Skype credit for personal purposes.
  • Use the account as a channel to spread malicious links or infected files.
  • Use accounting data for successive TDoS (Telephony Denial of Service) services.

What is really concerning is that any cyber criminal can easily carry out all these operations thanks to the wide availability of DIY tools; in this case, a tool dedicated to the popular Skype is already available in the underground.

[Image: DIY Skype rings flooder]

The criminal factory is offering a ring flooder dedicated to Skype, bundled with training material and a small amount of credit to get started, the whole package at a cost of 490 rubles ($15.67).

When executed, the flooder searches for Skype instances and, once it detects them, starts dialing any given number within a particular range. The application is very simple: it does not support multiple accounts, nor does it offer the possibility to anonymize the communication using a proxy.

The underground offer around Skype does not end here: recently a DIY SMS flooder has been offered on hacking forums for $20. Below is a screenshot of the advertised DIY Skype SMS flooding tool:

[Image: SMSFlooder]

Using the DIY tool, an attacker can send SMS messages to numbers in Russia, Ukraine, and Azerbaijan, taking advantage of the fact that every Skype account with a positive balance can send SMS messages.

To start the attack, hackers just need to authenticate using a stolen Skype account; the tool then automatically starts using the account’s balance to flood the victim’s cell phone number with multiple messages. The current tool is not yet optimized because it uses only one Skype account; however, the authors are working on a new release that will support multiple Skype accounts at any time, with obvious consequences.

We have also said that Skype can be used to conduct large-scale malicious campaigns to infect its users. Last week Dmitry Bestuzhev, a Kaspersky Lab Expert, published an interesting article describing malware in circulation that uses Skype as a vector to spread its code and infect machines with the primary purpose of mining Bitcoins.

The malicious campaign is very recent; the researchers detected a variant of malware that used the popular Skype VoIP client to send messages to users, suggesting they click on a malicious link to see a picture of themselves online.

[Image: Bitcoin Skype Malware]

Although the campaign started only a few days ago, thousands of victims have already been infected by clicking on the malicious link proposed through Skype; Kaspersky estimated around 2000 clicks per hour. It’s not the first time that Skype has been used to spread malware: in the last week the same researcher, Bestuzhev, detected another malware from Venezuela using the same techniques for a different purpose.

[Image: Venezuelan Skype Malware]

The last scenario to explain is the use of accounting data for successive TDoS (Telephony Denial of Service) services. Ring-based DIAL (Digitally Initiated Abuse of teLephones) attacks are becoming very common, as are SMS-based DoS (Denial of Service) attacks, so it’s natural that the criminal community is starting to focus its offer on products that can easily automate them.

What is a TDoS?

During the last weeks security experts have witnessed a surge in the number of TDoS (telephony denial of service) attacks against emergency call centers. The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) issued an alert on the malicious events and the need to prevent them by deploying proper countermeasures.

The attackers hit public-safety answering points (PSAP), also known as “public-safety access points”, that is, call centers responsible for answering calls to an emergency telephone number for services like police or firefighting. This type of attack is very dangerous because it has a direct impact on crucial operations.

The alert level is high: ambulance and hospital communication lines, public entities and private businesses are considered privileged targets exposed to major risks. According to US authorities, the principal motivation behind this type of attack is extortion. The following is the typical scheme of an attack as described by DHS and the FBI:

1.    An individual calls, claiming to represent a payday loan collections company.
2.    The caller typically has a strong accent and asks to speak with a current or former employee about an outstanding debt.
3.    The caller demands payment of $5,000 because an employee (who no longer works for the company or never did) defaulted on a loan.
4.    When the target fails to cough up the money, the attacker launches a TDoS.
5.    The organization is then inundated with a continuous stream of calls for an unspecified but lengthy period of time.
6.    Phone service is disrupted, preventing incoming and/or outgoing calls.

The agencies have offered these recommendations for targeted organizations:

  • Don’t pay the blackmail.
  • Report all attacks to the FBI by logging onto the website www.ic3.gov. Use the keyword “TDoS” in your report title. Identify your organization as a public safety answering point (PSAP) or Public Safety organization.
  • List as many details as possible, including:
    • Call logs from the “collection” call and TDoS
    • Time, date, originating phone number and traffic characteristics
    • Call-back number to the “collections” company or requesting organization
    • Method of payment and account number where the “collection” company requests the debt to be paid
    • Any information that you can obtain about the caller, or his/her organization
  • Contact your telephone service provider; they may be able to assist by blocking portions of the attack.
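
The details the agencies ask for (time, date, originating numbers, traffic characteristics) can be pulled out of call logs automatically. The following is an added example, not part of the original article or of the DHS/FBI alert; the CDR field layout, the 60-second window, the 20-call threshold and every number in the sample are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from statistics import median

def constructed_cdrs():
    """Constructed sample: 5 normal calls plus a 40-call burst (not real data)."""
    t0, burst = datetime(2013, 4, 10, 9, 0), datetime(2013, 4, 10, 9, 30)
    rows = [f"{(t0 + timedelta(minutes=12 * i)).isoformat()},+1555010{i:04d},psap-line-1,{90 + i}"
            for i in range(5)]
    rows += [f"{(burst + timedelta(seconds=2 * i)).isoformat()},+1555020{i % 3:04d},psap-line-1,3"
             for i in range(40)]
    return rows

def parse(rows):
    """Assumed CDR layout: ISO time, originating number, dialed line, duration (s)."""
    for row in rows:
        ts, src, dst, dur = row.strip().split(",")
        yield datetime.fromisoformat(ts), src, dst, int(dur)

def summarise(dst, calls):
    """Collect the report details: time span, originating numbers, traffic shape."""
    return {
        "dialed_line": dst,
        "start": calls[0][0].isoformat(),
        "end": calls[-1][0].isoformat(),
        "calls": len(calls),
        "originating_numbers": sorted({src for _, src, _ in calls}),
        "median_duration_s": median(d for _, _, d in calls),
    }

def find_floods(records, window=timedelta(seconds=60), threshold=20):
    """Flag episodes where one dialed line gets >= threshold calls inside window."""
    recent = defaultdict(deque)   # dialed line -> calls inside the sliding window
    open_ep, episodes = {}, []    # dialed line -> calls of the episode in progress
    for ts, src, dst, dur in sorted(records):
        q = recent[dst]
        q.append((ts, src, dur))
        while ts - q[0][0] > window:
            q.popleft()
        ep = open_ep.get(dst)
        if ep is not None and ts - ep[-1][0] > window:
            episodes.append(summarise(dst, open_ep.pop(dst)))   # flood has ended
            ep = None
        if ep is not None:
            ep.append((ts, src, dur))
        elif len(q) >= threshold:
            open_ep[dst] = list(q)                              # flood starts
    episodes += [summarise(d, c) for d, c in open_ep.items()]
    return episodes
```

Calling `find_floods(parse(constructed_cdrs()))` returns one episode for the constructed burst, with the time span, the three rotating originating numbers and the very short median call duration that distinguishes it from normal traffic.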

All these cases show the great interest of cyber criminals in the possibility of interfering with communication channels such as VoIP or telephone lines. The attacks are mainly motivated by the intent to monetize through extortion schemes, threatening to paralyze a company by blocking all its critical communication channels.

The future could hold nasty surprises: hackers don’t need specific skills to paralyze a company or hit a public service … we must be prepared!

(Security Affairs – Cybercrime)

