On Thu, Nov 25, 2004 at 07:11:57PM -0000, Ted Harding wrote:
> What I'd like to ask knowledgeable folk is: how does it in fact work?
I have heard of some people getting dodgy amounts on their bills (possibly some small seaside town in Norfolk, I don't recall) in the middle of the night. Some of the residents don't even own a computer, so some of these occurrences are not down to dodgy dialer software at all. I'm not sure quite how this is/was happening, but it appeared that BT wanted to hush it up for obvious reasons.
Most of the other times I have heard of people getting caught with rogue diallers is by remote exploits in IE triggered via visiting a web page (I like the way that when you do a default install of WinXP it gives you a default account with elevated privileges that allow you to do *anything* to the machine) or by dodgy attachments sent via email to exploit holes in Outlook and Outlook Express. The other way is via popups. I did see one guy on the tele who said that he got lots and lots of popups in his browsing session when he clicked on the wrong link from Google or some such: "they kept asking me do I want to change my settings yes or no, every time I clicked 'no' a new popup box would appear and the only way I could make it go away was to click on the 'yes' button."
Personally I doubt that we will see much of this attacking Linux and similar due to most distros not giving all new users root privileges etc. and that the split of clueful/not clueful who would spot an attempt at some kind of subversion via a webpage etc. is going to be much higher than that of the Windows-using masses.
The only way people are going to get better protected against this kind of scam is to either run software that requires less fiddling in a default install to make the system secure (god knows how long it takes to do WinXP, I know I haven't bothered, but then my machine is behind a half decent firewall, has anti-virus, anti-spyware and I browse using Firefox in XP as the XP install is for the few games I play that don't have Linux versions) due to the time considerations, most/many home users won't have the know-how or inclination to fix this, and they probably (and quite rightly the assumption should be made that a default install of any OS should be at least slightly secure imho) assume that a default install of Windows should protect them against most nasties without input on their behalf, but then that's Microsoft for you, who make it "easier" for you to do things on your computer while at the same time making it easier for all the nasty people on the internet too.
On top of that, when broadband/ADSL/whatever you want to call it becomes much cheaper for low end services, much more of this problem will hopefully go away as the machines are at least no longer on a dialup modem, and if the people buy a half decent router it will offer a firewall that will be better than what comes with Windows by default.
Adam