SMS Bombers, What They are? and How they Work?

SMS_Bomber
Screen shot of a SMS Bomber Application

The phenomenon of SMS Bomber is getting popular these days. There are many mobile subscribers who are terrified by the bombardment of thousands of text messages on their mobile phones from unknown numbers.

By defination, SMS bomber is an application which sends unlimited text messages to a mobile phone number, leaving the phone subscriber with no option but to switch off his/her phone. Deleting those messages later on is added headache for the users.

The interesting thing about SMS Bomber is that it doesn’t require name/phone number or anything to send messages, instead it only requires target’s phone number – a very secure way to annoy anyone anonymously.

Very same thing happened to me today. I got some 100 plus text messages, which actually annoyed me to the level of investigating the root cause and the working of SMS bombers.

After googling, I found out that SMS Bomber is basically a window application with very simple interface. This application takes a mobile number as input and uses web services to send text messages to the specified number.

When self tested, and intensively analyzed the network traffic, we found that there were number of http POST requests sent to a particular IP address with my number.

How SMS Bomber Works (Our Findings):

  • There are services offered by cellular companies on their websites to get your mobile numbers registered, subscribe for new services etc. These webpages take mobile number as input – in return to which they send text messages (containing PIN codes/ passwords/ confirmations etc) to mobile numbers
  • SMS Bomber takes a mobile number as input
  • Then posts this mobile number to any of cellular companies’ web pages
  • Cellular company sends relative SMS to that mobile number
  • SMS Bomber repeats this process several hundred times, resulting several hundred text messages delivered to the victim cell number

Tips for Cellular Companies (to Avoid SMS Bombers):

  • Consider using CAPTCHA
  • Consider implementing strict rules for sending back to back repetitive SMS on same number
  • Restricting http POST request can be helpful too

If webpages and services are configured properly, cellular companies can completely get rid of such annoying application.


  • What is the purpose of this article??
    It simply is to enhance your knowledge/understanding.. but people who were previously not aware of SMS bomber, will now use the it and more people will get annoyed.
    I think the admin should concider the audience before they publish such articles. The comments above prove it all..

    • Purpose of this article is to communicate the cellular companies – on how they are responsible for misery of subscribers. I hope they will listen and will block all doors

      • ‘How SMS bomber works’ that’s what you call communicating to the cellular companies??? Are you trying to explain the cellular companies how SMS bomber works?? and by one line suggestion of blocking POST request will resolve all???
        if you really care for the people and want the cellular companies to block this than go to court and file a petition. By posting such material on web will neither affect the cellular companies nor will stop the people from using it..

        • Boss, we are bloggers and not activists. Our job is to get the information to the right people – and i believe we have done right thing here. Now its cellular companies’ responsibility to either act or otherwise forget it and let their customers suffer.

        • WOW! Check your water supply as it might be tainted. Dude, a blog is like a newspaper. They publish stories for public interest.

          Has GEO ever submitted a legal petition on corruption? NO.

          If anyone who would be submitting a petition, it would be the author of this post or any of the mobile companies.

    • Grow up! The article is about how WebSMS services are a potential non-sense service. He did not say go to a particular website and test it out. SMS bombing softwares are not easy to be found.

      If I am not wrong, there are not many FREE WebSMS services.

  • PTCL should investigate those employees who do not perform their duties properly and FIRE them from them the company. Really, if PTCL really wants to do this task, just see complaints in each area and the time period since complaints were submitted and still not resolved then take immediate action against all PTCL staff of that exchange/area. Specially, I would request Govt. to take strict actions against PTCL Exchange Shah Faisal Colony situated at Colony Gate.

  • I think telcos are already aware of such bombers and will take action against them when and if they want. Putting this info up here on blog means letting people know of another tool they can play around with. If you really wanted to inform telcos on how to stop SMS bombardment then you should have written directly to telco representatives rather than putting it up here.

    I believe only 10% of the readers of this blog were aware of SMS bombers before it was put up here. Only good thing about the article is that you didn’t give any links to those bombers in this article but the readers will start googling it from today onwards to find one bomber for themselves!

  • hi all ,

    As one of the pro and initial coder of the SMS bombing applications , i had seen many international sms bombing app , i made “Draagon sms bomber” to disclose the flaws in telecom portal services and was really successfull , every1 of them inforced captcha ,

    moreover it work on Both POST and GET , the best thing servers can do is place an server side interval , simple as this

    2ndly info of connected browser coz bombing is done by 2 methods a) Winsock b)browser request.

    however if some gets attacked ,ill can be a helpinghand as i know all of bomber coders and their applications and how they work.

    Regards !

  • come on.. one wouldnt possibly buy a gateway if he wants to implement a simple sms feature in his software or website…..

    in that case these non-captcha sms websites are handy! dont make things hard fr everyone…

    and the man.. who has made this software should be RECOGNIZED… something that we Pakistans wont understand as our news channels are dedicated to show corruption 24/7!

  • galat post hai amir bhai, yar yahan awam tarasti hy k kuch milay jis se hum jigr0 yar0 rishteydar0 lerkiy0 k numbrx ki vatt lagayein, is se acha 0r kya h0ga ye sab unk0 pooRa kernay k liye, dont mind buddy per khtm ker dein is post k0.

  • Hey admin CAPTCHA will not work in this case. I have my own module that recognize CAPTCHA and automatically enters it with 87.47% accuracy and I am using it to download movies and other stuff automatically from hotfile and services like that :)

    PAKISTAN GOT TALENT :D simple

  • Sarkar ap nay tu mazeed sms bombers ki marketing kar di hai yahan. people are now asking here for the sms bombers, jinhay pehle pata nahi tha ab woh bhe iss herkat main shamil ho jainge. ager cellular companies ko he batana tha tu ap unhay personally email bhe kar sakte thay, just like ap log contact karte hain information laine k lye. yahan pe post kar k sahe nahi kiya.

  • If anybody didn`t know of SMS bombers, he know that now..and in my opinion knowledge should be shared but self censorship should also be practiced. The best thing would have been to provide some way to stop the SMS bombers, which there isn`t. Now they can run amok with it and mentally torture people.

  • Fruitful Information–
    I also having a bomber, but only test not to annoy any one–

    The networks should take care of such mistakes..
    CAPTCHA is better to avoid–

  • knowledge shud be free , for all , uncensored and practical even if it ismisused , thers always a matter of destruction for holly constructions , so no point of curtaining these type of articals,

  • There is an option in my mobile which is called “Add to Screening List”. It means that a particular number is blacklisted on my mobile phone and messages from that number arrive at a special folder named “Screened Messages”. There is also a limit to that folder that it can only contain 10 messages at a time, so old messages are automatically deleted. I even don’t get any alert when messages from the blacklisted number arrives.

  • I am a developer and I know This is an easy thing to develop, i can do this in less than an hour. But i dont want to do wrong things.


  • >