On Thursday 25 November 2004 7:11 pm, Ted Harding wrote:
> ALUGgers who watched this evening's "Look East" will have seen that dialup phone fraud is in the news again -- people getting phone bills for hundreds of pounds for internet calls to Vanuatu, Chile, etc. on premium rates. Some Linux-users may have seen it too!
> What I'd like to ask knowledgeable folk is: how does it in fact work?
> I've never seen more than a vague description of it, on the lines that when one is on line "the call is diverted to a premium rate number", apparently through some subversion of Internet Explorer.
Those are usually known as porn diallers, and it is started with a yes to a "you must install application foo to view content blah". This installs a background dialler that then calls the premium rate number.
But something else struck me that, if it isn't happening already, could possibly happen.
There is a file extension ".ins" that can kick off the internet connection wizard in a fairly silent mode with defined settings. You can (with a simple plain text .ins file) define every aspect of a dial up and mail (if you want) config including (I think) if it is Explorer's default.
The trick is to get it working as a transparent proxy so you actually get a working connection, just on a premium number (maybe even get mail relaying to work by intercepting all traffic on 25 and redirecting it to an open relay). Hence, unless the user studies the dial up box when IE brings it up, they probably wouldn't notice.
Some Macs with IE installed could also be vulnerable to this. On Macs I think there is a mime type called application/x-internet-signup that takes the same format of configuration file as the .ins on Windows.
Nasty stuff, but I don't think it would translate very well into the Linux world. It's another one of those Internet Exploder trying to be too "clever" / Windows desktop users having too high default privileges things.
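
Added example, not part of the original post: a defensive check that reads a plain-text .ins style settings file before it is opened and flags any dial-up number that is premium rate or international. The section and key names in the sample (Phone, Phone_Number, Dial_As_Is) are assumptions about the file layout, and the sample itself is constructed; the check only relies on the file being INI-style and matches any key containing "phone".

```python
import configparser
import re

# Prefixes worth a second look on a UK line, once spaces and dashes are removed.
SUSPECT_PREFIXES = {"09": "UK premium rate", "00": "international", "+": "international"}

# Constructed sample; layout and key names are assumed, the number is fictional.
SAMPLE_INS = """\
; constructed sample, not a real file
[Entry]
Entry_Name=Free Access

[Phone]
Dial_As_Is=yes
Phone_Number=00 678 555 0100
"""

def dial_numbers(ins_text):
    """Return (section, key, number) for every phone-like setting in the file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ins_text)
    found = []
    for section in cp.sections():
        for key, value in cp.items(section):  # configparser lowercases key names
            if "phone" in key and re.search(r"\d", value):
                found.append((section, key, re.sub(r"[\s\-().]", "", value)))
    return found

def audit(ins_text, allowed=()):
    """Flag numbers that are not allow-listed and start with a suspect prefix."""
    findings = []
    for section, key, number in dial_numbers(ins_text):
        if number in allowed:
            continue
        for prefix, reason in SUSPECT_PREFIXES.items():
            if number.startswith(prefix):
                findings.append((section, key, number, reason))
                break
    return findings

if __name__ == "__main__":
    for section, key, number, reason in audit(SAMPLE_INS):
        print(f"[{section}] {key} = {number}: {reason} number, check before dialling")
```

Passing the ISP's known access number in `allowed` keeps a legitimate signup file from being flagged.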