
Using auditing tools for hacking VoIP servers

It has long been known that "bona fide" software can be used for criminal purposes. The latest example of such misuse was investigated by NSS Labs.

SIPVicious is a popular set of tools for auditing voice communication systems based on SIP (Session Initiation Protocol). This set is being used to break into VoIP servers, which may then be used to call expensive paid numbers or for voice phishing (vishing).

It all starts with the user's visit to an ordinary site that attackers have previously compromised. The site hosts a malicious iFrame that redirects the user to a server running the Black Hole exploit kit. The user's system is probed for a vulnerability, and if one is found, a Trojan program (jqs.exe) is downloaded and executed.

This program contacts the command-and-control server for instructions, then goes to a domain in the .cc zone and downloads the SIPVicious toolkit, the Python interpreter and the unrar archiver.
The Trojan launches the Microsoft installer in "quiet" background mode, which installs Python and unpacks SIPVicious. Details can be found here.

On command from the command-and-control server, SIPVicious is used to scan for and brute-force SIP devices on the local network. If an attack succeeds, the Trojan attempts to register on the device and give the attackers access for further operations.
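
A defensive sketch of how the LAN-side scanning and brute-forcing described above could be spotted in SIP server logs. This is an added example, not code from the original article or from SIPVicious; the log record format, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample (not from the article). Assumed record format:
# time, source, destination, SIP method, extension, response code
SAMPLE_LOG = """\
2024-01-01T10:00:00 192.168.1.50 192.168.1.10 OPTIONS - 200
2024-01-01T10:00:01 192.168.1.50 192.168.1.11 OPTIONS - 200
2024-01-01T10:00:02 192.168.1.50 192.168.1.12 OPTIONS - 200
2024-01-01T10:00:05 192.168.1.20 192.168.1.10 REGISTER 201 401
2024-01-01T10:00:05 192.168.1.20 192.168.1.10 REGISTER 201 200
2024-01-01T10:00:10 192.168.1.50 192.168.1.10 REGISTER 100 401
2024-01-01T10:00:11 192.168.1.50 192.168.1.10 REGISTER 100 401
2024-01-01T10:00:12 192.168.1.50 192.168.1.10 REGISTER 100 401
2024-01-01T10:00:13 192.168.1.50 192.168.1.10 REGISTER 100 401
2024-01-01T10:00:14 192.168.1.50 192.168.1.10 REGISTER 100 200
"""
SCAN_TARGETS = 3   # distinct SIP destinations contacted by one host
FAILED_LOGINS = 4  # rejected REGISTERs from one host to one server
WINDOW = timedelta(seconds=60)

def parse(log):
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 6 and parts[5].isdigit():  # skip malformed lines
            ts, src, dst, method, ext, code = parts
            yield datetime.fromisoformat(ts), src, dst, method, ext, int(code)

def detect(log):
    probes = defaultdict(list)    # src -> [(time, dst)]
    failures = defaultdict(list)  # (src, dst) -> times of rejected REGISTERs
    alerts = set()
    for ts, src, dst, method, ext, code in parse(log):
        probes[src].append((ts, dst))
        if len({d for t, d in probes[src] if ts - t <= WINDOW}) >= SCAN_TARGETS:
            alerts.add(("sip-scan", src))
        if method != "REGISTER":
            continue
        if code in (401, 403):
            failures[src, dst].append(ts)
        # A normal phone gets one 401 challenge before its 200; many means guessing.
        recent = [t for t in failures[src, dst] if ts - t <= WINDOW]
        if len(recent) >= FAILED_LOGINS:
            alerts.add(("sip-bruteforce", src, dst))
            if code == 200:  # a guess was finally accepted
                alerts.add(("sip-login-after-bruteforce", src, dst, ext))
    return alerts

if __name__ == "__main__":
    print(sorted(detect(SAMPLE_LOG)))
```

An accepted REGISTER that follows a burst of rejections from an internal workstation is the event to escalate, since it corresponds to the point where the Trojan obtains working credentials.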

Source: https://habr.com/ru/post/127902/

