Identifying Malicious Dialers

What are dialers and how does this PC or Network pest Affect You?

Dialers are software programs which create a connection to the Internet or another computer network over analog telephones or ISDN networks. Many operating systems already contain such programs for connections through the Point-to-Point Protocol (PPP).

Many ISPs offer "dialer" installation CDs which are meant to simplify the process of setting up a proper Internet or network connection. This is done either by creating an entry in the operating system's dialer or by installing a separate dialer.

Costly Dialers

Dialers are necessary to connect to the Internet (for most non-broadband connections), but some dialers are designed to connect to premium-rate numbers. The providers of such dialers often search for security holes (usually exploited through Microsoft Windows) on the user's computer and use them to change the computer to dial up through a "chosen" number, pocketing the additional money for themselves. Some dialers inform the user what it is that they are doing, with the promise of special content (pay-for... we'll let you guess), accessible only via the special number. Examples of this content include software for downloads, (often illegal) MP3s, pornography, and in the case of at least one website, 'underground' hacking materials such as viruses or malicious pests.

Costs for setting up such dialer services can be relatively low, amounting to a few thousand dollars for telecommunications equipment, whereupon the unscrupulous operator will typically take 90% of the cost of a premium-rate call, with very few overheads of their own. As you can probably imagine, for a few thousand dollars, this becomes an "affordable" asset to those who may choose to operate in the grey-to-black hat business arenas. Premium-rate numbers, e.g. 900 numbers in the US, are an increasingly popular method for easy electronic service payments.
If they are not careful, however, users could be charged a small fortune per minute through a dialer using one of these numbers. Typically, users will stay connected for at least 10 minutes, as the Internet and modems in particular are conveniently slow, and so the costs are conveniently high.

In 2003, trojan horses started to be installed which changed values in the Microsoft Windows registry and set Internet Explorer security settings in such a way that ActiveX controls could be downloaded from the Internet without warning to, or consent from, the oblivious user. After this change is made, whenever the user accesses a malicious page or email message, it can start installing the malicious dialer. The script also disables the modem speaker and the messages that normally come up while dialing into most networks. Users of Outlook, Outlook Express and Internet Explorer are especially affected if running ActiveX controls and JavaScript is allowed and the latest security patches from Microsoft are not installed.

Users with DSL lines (or similar broadband connections) are not usually affected. A dialer can be downloaded and installed, but it cannot dial, as there are no regular phone numbers in a DSL network. If ISDN adapters or additional analog modems are installed, however, a dialer might still be able to get a connection.

Identifying Malicious Dialers

Watch for these signs...
A dialer cannot usually be uninstalled without a high-quality spyware remover, or only with serious effort and programming skill.

As of spring 2004, malicious dialers can also get installed through a nonexistent antivirus program. Spam emails from so-called "AntiVirus Teams", for example, contain a download link to programs like "downloadtool.exe" or "antivirus.exe", which have been found to be malicious dialers. Dialers are also finding their way onto your PC through greeting card emails that link to pages forcing the user to install ActiveX controls, which then install dialers in the background.

*Please remember never to open links in spam emails, and any automatically started downloads (unauthorized by you) should be cancelled as soon as discovered. Make sure to check on each dial-up to the Internet that the displayed phone number is still the same.

*Always disable expensive numbers using phone company services, but of course this disables all of them -- even the honest ones.
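The advice above to check that the dial-up number is still the same can be automated. The following is an added example, not part of the original article: it audits an INI-style dial-up phonebook for entries whose number is not the ISP number on record, uses the 900 premium-rate prefix, or has the modem speaker switched off. The sample phonebook is constructed, and the key names `PhoneNumber` and `Speaker` are assumptions about the file layout.

```python
import re

# Constructed sample in an INI-like dial-up phonebook layout (as in Windows
# rasphone.pbk); entry names, numbers and key names are assumptions.
SAMPLE_PBK = """\
[My ISP]
PhoneNumber=5550100
Speaker=1

[Internet Connection]
PhoneNumber=1-900-555-0199
Speaker=0
"""

PREMIUM_PREFIXES = ("900",)  # US premium-rate prefix named in the article


def normalize(number):
    """Keep digits only; drop a leading US country code 1 from 11-digit numbers."""
    digits = re.sub(r"\D", "", number)
    return digits[1:] if len(digits) == 11 and digits.startswith("1") else digits


def audit_phonebook(text, known_good):
    """Return (entry, value, reason) findings for entries that need a look."""
    allowed = {normalize(n) for n in known_good}
    findings, entry = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            entry = line[1:-1]  # start of a new phonebook entry
        elif "=" in line and entry is not None:
            key, value = line.split("=", 1)
            if key == "PhoneNumber" and value:
                num = normalize(value)
                if len(num) == 10 and num[:3] in PREMIUM_PREFIXES:
                    findings.append((entry, value, "premium-rate prefix"))
                elif num not in allowed:
                    findings.append((entry, value, "not the ISP number on record"))
            elif key == "Speaker" and value == "0":
                # The article notes dialer scripts silence the modem speaker.
                findings.append((entry, value, "modem speaker disabled"))
    return findings


if __name__ == "__main__":
    for finding in audit_phonebook(SAMPLE_PBK, known_good=["555-0100"]):
        print(finding)
```

Run it against a copy of the phonebook file with the number your ISP gave you as `known_good`; any finding means the entry should be inspected before the next dial-up.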
Active © WorldsLargestNetwork.com ; All Rights Reserved