For many, the daily walk to the mailbox evokes mixed feelings:
The glee that your favorite monthly magazine ? or a friend's
hand-written letter (quite a surprise in the e-mail age) may be
waiting is countered by anxiety of how many bills the postman
left you.
Now, imagine coming across your phone bill, thicker and heavier
than normal. When you open it, instead of "statement
stuffers" from the phone company's marketing department, the
bill is dozens of pages long ending in a one-month total of
almost $5,400.
A quick glance at the details reveals hundreds of calls to the
same 1-900 number. "A mistake," you insist. After all, you're
the only person in the house and you have never called a 900 number
before. Actually, this is no mistake. In this true story, the
homeowner had fallen victim to one of the oldest computer scams
around: the "Auto-Dialer" virus.
How Did This Computer Security Nightmare Begin
-----------------------------------------------------------
What is an "auto-dialer"? Some time ago, the phone companies
came up with a feature that allowed merchants to reach a broader
range of customers by allowing consumers to make payments via your
phone bill. If you did not have a credit card, you just dialed a
900 number, connected by voice or modem (for Internet sites).
Every minute you used the service, you were charged a fee ranging
from $1 to $5 or more per minute. At month's end, the charge
appeared on the phone bill. Many services were legit: Consumers
called weather, horoscope and gambling services offering this
feature. But many merchants sold expensive phone or online adult
content.
How Did An Auto-Dialer Get Installed
-----------------------------------------------------------
But how did $5,400 in charges end up on the person's phone bill?
Although many of these services require the user to physically
dial the number or connect to the online site by instructing the
modem to dial the number, this can happen without the user's
knowledge. In the above case, the person's computer was infected
with an auto-dialer virus. Somewhere during his Web travels, he
connected to a site that popped up a rather confusing message
instructing him to "Hit OK" to make the message go away. What
this person didn't know was he was agreeing to download,install,
and execute an adult content auto-dialer.
Behind the scene, the auto-dialer installed itself, checked for
the presence of a modem and dial tone, and then proceeded to dial
an overseas 900 number over and over again. Even though the person
surfed using an always-on broadband Internet connection, the
modem remained so he could send and receive faxes. One problem:
When he wasn't using the modem, it remained plugged into the
phone jack. Why should he have unplugged it? It's not like it
could hurt anything, right? Wrong.
How To Protect Yourself
-----------------------------------------------------------
Unfortunately, there is no single solution to avoid these types
of malicious acts. A short list of protective measures would
include:
1) If you no longer need a modem in your computer, remove it. Or
at least disconnect the phone line from the modem;
2) Install anti-virus software such as Trend Micro or Symantec's
Norton Anti-Virus. Many are designed to prevent this kind of
malicious software, or "Malware." More importantly, make sure
your subscription for new virus patterns is current and
configured to automatically download and install updates;
3) Install and regularly run Adware protection solutions such as
LavaSoft's Ad-Aware or SpyBot Search & Destroy;
4) And do not, under any circumstances, blindly hit "OK" to
pop-ups or similar annoyances without first making sure what you
are agreeing to.
This tale is not fiction; in fact, it happens frequently, to
businesses and consumers, kids and adults. But even the least
savvy among us can thwart such an attack. A neighborhood teenager
recently avoided potentially thousands in fees when an
auto-dialer was downloaded and installed. How? She had unplugged
the modem.
About The Author
----------------
Darren Miller is an Industry leading computer and internet
security consultant. At the website -
http://www.defendingthenet.com you will find information about
computer security specifically design to assist home, home
business and small business computer users. Sign up for
defending the nets newsletter and stay informed and empowered
to stay safe on the Internet. You can reach Darren at
mailto:darren.miller@paralogic.net or at
mailto:defendthenet@paralogic.net
URL
---
http://www.defendingthenet.com/NewsLetters/Auto-Dialer-Newsletter.htm