back to 878help
Stay tuned for more on this subject as this story
unfolds...Last revised: Oct. 2005
Poor virus protection, fear of updates and smart minds move this real expensive threat into our area. It has struck before as early as 1996-97 in the US and Canada (see links below; these links provided are for your information only, as no one could tell me where to find any! Deighton claims no ownership, rights or privileges associated with the articles. Use them at your own risk )
This carefully thought out scam could bring direct profit for at least four different types of companies, with spin off effect work for many others, PAID indirectly from Internet users (or phone line owners) with a functional phone line connected to their PC or network.
Possible direct profit for:
1 - Global Internet content providers or Adult material providers
2 - Global Computer programmers whom write this malicious software code
3 - Global Independent money exchange companies or Internet payment companies
4 - Global Long distance AND telephone companies as they're the ones you pay
Possible spin off work for:
5 - Global anti-virus and other Internet intrusion tool companies
6 - Local computer technicians/consultants as the computers will have to be
*cleaned* and updated
7 - Local media as it makes front page news and sells more advertisements
8 - Local telephone companies as they offer *protection* products
Net scam nets $300 from city resident
Phone scam hikes woman's Bell bill Added May 22, 2002, Internet scam costs Dunsford family $2,000
CGA Magazine - October 1997 adult_scam AT&T -- Porn Merchant
Long Distance Phone Scam Hits Internet Surfers
Consumer complaints about AT&T Billing Disputes
Consumer complaints about dialer.exe Speed Dialers
Welcome to Next Gen Exchange ebs Electronic Billing Systems AG-Online Payment Systems
FIX Java Security Issue Allows Access to ActiveX Controls
JS_EXCEPTION.GEN - Description and solution
LincMad International Telesleaze Prefixes TELECOM Digest and Archives
SCAM SHIELD - Protecting Citizens With Knowledge ScamWatch
Telecommunications Industry Ombudsman Public Area FAQs ADR
Added May 21, 2002, ICSTIS, an Independent Committee for the Supervision of Standards of Telephone Information Services, regulates the content and promotion of premium rate telephone services in the UK, maybe Canada needs one of these?
Computer Associates info on W32.PornDial
Added May 31, 2002, After a fresh install of IE5 (before any patches were installed) at a customer's site, I had the dialler program popup and asked to be downloaded and installed. This was preceded by a whack of instances of New IE windows that had no X to close them. This was.initiated by visiting a website address for lyrics!
Early April 2002, a customer called my office wondering how long distance, over-seas phone calls were being made from their computer. The calls cost them $550.00 !!! I investigated it on the Internet and found similar happenings in the US in the fall of 2001. I followed up with an on-site service call to my client's home and found no traces of any 1-900 dialers or any traces of on-site porn activity in the browser's history (I thought the youth had covered their tracks). The youth in the home denied going to any adult websites (typical) and said that they only used the Internet for chatting on Yahoo and emailing thru Hotmail.
I advised my client that the calls were probably made from their computer while visiting adult content websites and that they should dispute the charges with the phone company (it is illegal to sell adult material to youths isn't it???). The phone company said that the calls were made from their home, and they were responsible for payment. My client couldn't use their phone to make long distance calls until this phone bill was paid, so they reluctantly paid the bill (ouch!).
REVISED Oct 2002, October I get similar dialer [sic] installs on 3 office computers over the network in Aurora; a Toronto student; a funeral parlor near home.
REVISED July 2002, July finds a dialer on a local youth's machine looking for song lyrics; on an older couple near or past their silver (50th?) ; found it on another local youth's machine.
REVISED May 21, 2002 I had another look at this computer and found that there was a dialler [sic] program installed (the icon for this was a close-up of an eye, with the filename xxx[1].exe), as well as a shady ActiveX control, email me if you would like the particulars on these.
Later in April, another client mentioned something similar happening so I called the local Police station, and left a message with the Inspector's extension. A few days later, the local newspaper had a front page article on the scam. I again called the Police station and I offered free help in the matter and told them I would let them know when this page was on my website.
Again I hit the
Internet and found www.phonebusters.com
, there was no info on the site directly
relating to this type of incident, so I emailed them with some of the details
and followed up with a phone call to them.
The person on the phone said the problem wasn't wide spread in our area and
that I should have my client call them to report the incident directly.
Phonebusters couldn't refer me to anywhere that I could find more info on the
subject (argh!, thus I began this article)
It *looks* like this scam is initiated by receiving bulk/junk/spam email that most of us get in our Internet email. You may remember getting one of these, an email that instantly opens your browser and takes you to new unwanted website address? I fired up my kid's PC and their Internet browser took me directly to an adult website that displayed other adult websites claiming of free adult material. As a child in entering adulthood, their curiosity led them to click on a link that promised free pictures of adult content. This website popped up other windows of adult websites and tried to install a virus on their computer that could do many things to the machine (JS_EXCEPTION.GEN).
1 - the virus sets your Internet browser to delete all history of where you
have been online
2 - added adult content sites to Internet Favorites in Internet Explorer
3 - changed the start page or home page of IE to adult content site
4 - installs a fake dialer in Dial Up Networking
5 - makes PC go online as soon as it is restarted using private DUN connection
to pay per minute connection
6 - can hang-up your current Internet connection and dial pay per minute
connection fast without you noticing it
7 - installed the dialer on the desktop as an icon
I wondered why their anti-virus software didn't catch this, so I opened up
PC-cillin (the Trend Micro anti-virus software installed on their machine) and checked that
the virus definitions were up to date, it was successfully updating.
Next I looked at the virus log. This showed me that the virus had been
blocked on a dozen or so times previously, but it was allowed to pass on Apr. 23
(could have been a friend that didn't know what to do with the popup virus
warning???)
Purchase one of the *better* anti-virus protection systems from TrendMicro at
www.antivirus.com.
Trend Micro has this free on-line virus checker that will scan your pc over the
Internet: http://housecall.antivirus.com
http://www.antivirus.com/free_tools/
Or you could try McAfee
or Norton