At 03:26 PM 11/25/2004, Wayne Stallwood wrote:
On Thursday 25 November 2004 7:11 pm, Ted Harding wrote:
ALUGgers who watched this evening's "Look East" will have seen that dialup phone fraud is in the news again -- people getting phone bills for hundreds of pounds for internet calls to Vanuatu, Chile, etc. on premium rates. Some Linux-users may have seen it too!
What I'd like to ask knowledgeable folk is: how does it in fact work?
I've never seen more than a vague description of it, on the lines that when one is on line "the call is diverted to a premium rate number", apparently through some subversion of Internet Explorer.
Those are usually known as porn diallers, and it is started with a yes to a "you must install application foo to view content blah". This installs a background dialler that then calls the premium rate number.
But something else struck me, that if it isn't happening already could possibly happen.
There is a file extension ".ins" that can kick off the internet connection wizard in a fairly silent mode with defined settings.
Yes. And it turns off the speaker so the unwitting user is unaware that the machine is re-dialing.
I had a boss a couple of years ago who was not very bright. He was constantly getting these things on his PC. In addition to re-dialing, the program courteously placed a little icon on the desktop essentially "Click me for your daily Pr0n."
I recall one time I installed a new 9 Gig hard drive on his computer. Then, about a month later he came to me complaining because he had no disk space. I, somewhat shocked, thought that there must be something gravely wrong with his machine because there was no way he could fill up that amount of space. But he had. It was all porn. Tens of thousands of .jpegs.
I quietly deleted it all and simply told him that his computer was fixed.
A month later he had it all filled up again.
It occurred to me that the amount of time this man spent downloading that stuff must have been virtually every minute of his time on the job.
I have no idea how much the phone was, but it must have been astronomical.
You can (with a simple plain text .ins file) define every aspect of a dial up and mail (if you want) config including "I think" if it is Explorer's default.
The trick is to get it working as a transparent proxy so you actually get a working connection just on a premium number (maybe even get mail relaying to work by intercepting all traffic on 25 and redirecting it to an open relay). Hence unless the user studies the dial up box when IE brings it up they probably wouldn't notice.
Some Macs with IE installed could also be vulnerable to this; on Macs I think there is a MIME type called application/x-internet-signup that takes the same format of configuration file as the .ins on Windows.
Nasty stuff but I don't think it would translate very well into the Linux world. It's another one of those Internet Exploder trying to be too "clever" / Windows desktop users having too high default privileges things.