Thursday, April 1, 2010

SPIT

VoIP spam or Spam over Internet Telephony (SPIT) is one of the foreseen future forms of spamming that Internet authorities are preparing for today. With the increasing use and dependence on the Internet for communications and data transfer, malicious software programmers have taken advantage by creating VoIP bots with the ability to harvest data and advertise massively at a very small cost. These advertising methods include email spams, SPIMS or spams over instant messaging applications, malicious bots that generate pop up ads, initiate redirects, etc.
With the inevitable popularity of VoIP over the traditional telephone, authorities are convinced that this is where the next form of spam will come from. In this case, the unsolicited emails will be replaced by video or audio recordings advertising dubious products and services. Prank callers will also take advantage of this new frontier as the new technology becomes more available. This is even more profitable for such users as they can send automated or pre-recorded advertising messages to thousands of users with just one click, making it a very cheap operation to run.

SPIT will also have more impact on users than unsolicited instant messaging and email spam as it has the potential of clogging up the network. Given enough SPIT volume, users may not have any other options that to hang the VoIP phone 'off the hook'.
Other threats include spammers who might take temporary control of a user's systems to launch VoIP attacks on other networks, hackers that will inject profane words in conversations, fake voice mails and viruses that have the ability to use critical bandwidth.
Furthermore, These VoIP bots have the capability of launching automated DDoS or distributed denial of service attacks against rival corporations or users using VoIP with SIP protocols and vulnerabilities. Botnets armed with VoIP-directed software will play a big role in launching these kinds of attacks.

VoIP Built-In Security

VoIP, however, will have the usual array of spam defenses that other forms of Internet communication applications like emails and instant messengers have to combat unsolicited video/voice communication. This will include the stealth mode of instant messenger applications, privacy options as well as spam reporting options.
Other security measures may also include separating the voice and data streams so that in the event that the voice lines do get clogged with traffic, the website traffic will not be affected and will remain operational. Anti-spyware and anti-virus systems coupled with SIP encryption systems designed for VoIP will also help a lot in screening incoming calls and data and detect any instructions in the system. This will prevent DDoS attacks from being launched against your company. Moreover, increased collaboration between ISPs and Internet authorities will also be effective in determining the locations of these spammers as well as blocking calls and data from dubious IP addresses.
Improvements and updates on the security systems for VoIP systems in its initial stages will also play a crucial role in making this communication option a cost effective and reliable alternative than telephones.