On Thu, 25 Nov 2004 Ted.Harding@nessie.mcc.ac.uk wrote:
> ALUGgers who watched this evening's "Look East" will have seen that dialup phone fraud is in the news again -- people getting phone bills for hundreds of pounds for internet calls to Vanuatu, Chile, etc. on premium rates. Some Linux-users may have seen it too!
> What I'd like to ask knowledgeable folk is: how does it in fact work?
It is my understanding that a common way of delivering this attack is through a web page that says something along the lines of:
`Give us your credit card number and we'll show you some scud pics. If you don't want to give us your credit card number, click here for free mucky'
where `here' is a link to an executable that installs a dialer or modifies the registry or does both.
Many Windows users are running with administrative privileges (either because all users are `privileged' as in 95/98/ME, or because the default user type is `Computer Administrator' as in XP), so the above very often works.
Anti-virus software vendors seem to have some details in their virus libraries:
http://vil.nai.com/vil/content/v_99071.htm
for example, which warns of `pictures of scantily clad women, which may appear unexpectedly'. Scantily clad? Unexpectedly? I should coco, I was assuming they'd be naked.