Call charges

Voip has been in the news a lot in 2005 as more and more people realise how much money they can save by making some of their calls via the net instead of through old-fashioned phone lines.

But routing phone calls via the net makes Voip systems vulnerable to a whole series of security problems, notes the Symantec report.

The growing use of Voip could encourage the emergence of:

• audio spam that clogs voicemail boxes with spoken adverts
• voice phishing that tries to con people into handing over confidential details
• caller-ID spoofing which allows conmen to make it look like they are calling from a legitimate number such as a victim's bank
• call hi-jacking that re-directs calls to conmen and criminals

Ollie Whitehouse, technical manager at Symantec's research labs, said it was important not to overplay the threat from the subversion of Voip technology.

"While there are currently very few reported attacks directed at Voip systems," he said, "Symantec believes it's only a matter of time before attackers target it more intensely."

The report also said that Voip could fuel a renaissance of an old hacking technique known as war-dialling.

In its original form this involved making a huge number of phone calls to find out which ones respond with a data tone.

Some hacker groups could trawl through Voip numbers to find what is sitting at the other end of them or to root out poorly protected servers that can then be exploited.

The report also mentions other computer security threats that continue to be a problem.

Symantec researchers have noticed the growing use by criminal hackers and hi-tech crime groups of stripped down worms, viruses and trojans to compromise machines.

Once installed, the programs contact a server and download new parts so they can cause more damage to the computer hosting them or other machines on that network.

So-called bot herds - networks of compromised PCs under the control of a malicious hacker - continue to be used as launch pads for other types of attack.

Increasingly common, Symantec researchers noted, was their use in carrying out denial-of-service (DoS) attacks which bombard target machines with so much data that they cannot cope.

The report noted that, on average, 927 DoS attacks were being carried out every day.