Hacking Telecom: What’s Next?!

Posted April 1st, 2009 by Mike Cherim

All the rage nowadays is using your high speed Internet connection for telecommunications purposes, instead of using the good old phone company and their possibly overpriced services. There are even devices out there that you can plug one end of into your computer’s USB port and the other end becomes a common phone jack. It’s all pretty cool, except for one major downside — the latest new threat. Here’s what it is and how it works.

The Centipede Virus

There is new breed of computer virus being distributed by both email and via malicious web sites that some are calling the Centipede. When this virus, a worm variant, infects the user’s computer it is delivered as a single seemingly innocuous payload-bearing file such as GIF, JPG, or PNG with corrupted EXIF data. Once inside it breaks into metamorphic segments that disperse to various parts of the system. This is known as Phase One. These parts, even though they’re separated, all perform different functions. Some functions are Decoys, others are Finders (looking for emails to exploit for the sole purpose of extending virus distribution), and the most important functions are called the Marketers and these are the main residents. I’ll get to them in a minute.

Short of measuring physical counts of out-bound data packets, the virus is as of yet undetectable by either anti-virus/anti-malware software or human users. The only indication of infection — and only when the virus reaches its Phase Two when the Marketers are active — is slightly slower online performance. Phase Two is only implemented when a sufficient high speed Internet connection is present. If the connection isn’t available the resident Marketers part of the virus sits dormant waiting until such a time it’s plugged into a suitable connection. It does check continuously whenever the system is powered up but its demand is negligible. All functions are system-invisible.

Damn The Marketers

Phase Two of this new Centipede virus activates the Marketers. These are tiny individual and practically independent programs that carry out two major roles orchestrated as follows:

  1. A Marketer receives a signal that a connection is available and silently accesses one of several online databases obtaining a packet that contains a randomly generated outbound phone number, a small human recording, human operator number data, and a calling list. The packet size is less than 100kb so it’s not even noticeable. Individual Marketers stagger their requests so as to not exceed a 300kb limit at any given time. Smart.
  2. Once the Marketers are ready they start dialing the numbers in the call list (much like a predictive dialing machine) and play the recording. This is also a staggered activity. If the call completes and the recording is played to its end (not hung up on), it is seamlessly appended with more voice data instructing the listener to Press 1 for more information (or to order), which sends them to a human, or to Press 2 to be removed from the list. Pressing 2, of course, just ends the call to free up the line. Rude.

Tell Me, What’s Next?!

The good side about all this is that this virus is designed to specifically not hinder or degrade system performance to the point that users will really take notice. Then again, it won’t be detectable (yet) so the good is also the bad. And the bad gets worse.

Telemarketers call millions of people every day. And for this privilege they pay a lot of money for phone charges. Because of these costs, the number of calls made is quite limited, comparatively speaking. If making phone calls was free to telemarketers they would make a lot more of them. It’s this same logic that limits the amount of postal junk mail we receive — and conversely the lack of those limits keep our email in-boxes full of spam.

Now the phone calls will be free, courtesy of our high speed connections. This is really bad. It is expected that within one year, unless this virus is stopped, that telemarketing calls made to a typical household (residential listing) telephone in the United States will increase from 2.7 calls per day to a staggering 141.2 calls per day. This is an estimate. Elsewhere I know not.

So far it looks like we’re screwed. If this continues unabated as planned by the virus’s engineers, telemarketers will destroy the telephone just as spammers have ruined email. What’s next?!

9 Responses to: “Hacking Telecom: What’s Next?!”

  1. webecho responds:
    Posted: April 1st, 2009 at 1:48 am


  2. Tommy Olsson responds:
    Posted: April 1st, 2009 at 5:28 am

    LOL! Well done!

  3. David Zemens - 1955 Design responds:
    Posted: April 1st, 2009 at 7:44 am

    I smell a rat. :-)

  4. Marc Watts responds:
    Posted: April 3rd, 2009 at 7:10 pm

    Where is the evidence for any of this? Could you please add some links to other articles discussing this virus as well.

  5. Marc Watts responds:
    Posted: April 13th, 2009 at 7:05 am

    It all makes sense now, how stupid of me, I was wondering why this article was a lot different than the others that you usually write, and now I see that it has the date April 1st. I actually read this a couple of days after the first and as a usual reader of websites, I scan through paragraphs and missed the point of the article.

Sorry. Comments are closed.

Note: This is the end of the usable page. The image(s) below are preloaded for performance only.