On Thu, 25 Nov 2004 Ted.Harding@nessie.mcc.ac.uk wrote:
ALUGgers who watched this evening's "Look East" will have seen that dialup phone fraud is in the news again -- people getting phone bills for hundreds of pounds for internet calls to Vanuatu, Chile, etc. on premium rates. Some Linux-users may have seen it too!
What I'd like to ask knowledgeable folk is: how does it in fact work?
It is my understanding that a common way of delivering this attack is through a web page that says something along the lines of: `Give us your credit card number and we'll show you some scud pics. If you don't want to give us your credit card number, click here for free mucky' where `here' is a link to an executable that installs a dialer or modifies the registry or does both. Many Windows users are running with administrative privileges (either because all users are `privileged' as in 95/98/ME, or because the default user type is `Computer Administrator' as in XP), so the above very often works. Anti-virus software vendors seem to have some details in their virus libraries: http://vil.nai.com/vil/content/v_99071.htm for example, which warns of `pictures of scantily clad women, which may appear unexpectedly'. Scantily clad? Unexpectedly? I should coco, I was assuming they'd be naked. -- David Redhouse dir21@cam.ac.uk http://www.arch.cam.ac.uk/ Department of Archaeology, University of Cambridge CB2 3DZ UK Phone: 0791 9058197 (50197 from UTN lines)