Another Day, Another Dialler!

by Rob Zorn
from the April 2004 Newsletter

We're hearing a lot about surreptitiously installed Internet auto diallers these days. These are the little nasties that dial your computer up to some expensive 0900 number leaving you with massive phone bills at the end of the month. What are they? How do they get there? and what can be done to protect yourself from them?

What are they?

The diallers we're concerned about are called Internet diallers. They are programs often offered for download through some dubious links or webpages (e.g. pornography, astrology readings or gambling). Once downloaded, they attempt to automatically install themselves, taking advantage of the user's ignorance or inattention. Once installed, they set up a new modem connector that sets itself as the default, and therefore is used automatically each time you dial up. Instead of calling your Internet-Service-Provider for a connection to the Internet, you'll be connecting through a new service provider using an expensive 0900 number. Often, Internet diallers start up at the same time as the computer and automatically establishing a dial-up connection that lasts as long as the computer is powered up. The first time you might notice something is wrong is when you get your phone bill. And you'll notice in the worst possible way!

How does an Internet dialler install itself on a computer?

Generally, Internet diallers have to be actively downloaded and installed. The idea is that you are duped into doing this when you are offered a link that says one thing but really links to an executable (.exe) file. You click the link and your browser then pops up a box asking whether you agree to commence the download and installation process. It works in much the same way that customers are tricked into downloading and installing spyware.

In numerous cases users simply click YES without actually reading the warning in the pop-up box. As stated, the sneaky Internet diallers we are talking about are not usually found on reputable pages. One likely scenario is that someone in the house is surfing the web for dubious content. He or she is very much intrigued by a certain link that is on offer. In their eagerness to access whatever material has been purportedly offered (and because the precariousness of what they're doing means they don't have time to linger) they click Okay in the warning box that comes up without reading its contents. Lo and behold, after some whirring and buzzing on the hard drive, the computer disconnects and then redials the 0900 number, and does so every time the computer is switched on or the Internet is accessed. This happens until someone notices the phone bill and flips out!

The Actrix help desk gets a reasonably regular flow of calls regarding Internet diallers. When it is explained that they generally can't be installed without some co-operation (usually unknowing) from the user, our staff are often met with incredulity. "There's no one here that visits such sites!" Unfortunately, the overwhelming likelihood is that there is someone there who has or does. If you find an Internet dialler installed, think very carefully about who might have accessed the Internet when you weren't around. Chances are that person could use a few suggestions about thinking before they click. You may want to think about password protecting access to your PC.

Sometimes, Internet diallers are sent as attachments to e-mail and are not clearly or easily recognisable. The same principles apply. Your e-mail program will usually not let you open or install attachments without first asking you whether you're sure. If you have someone in your house who might click e-mail attachments uncritically, then the same suggested courses of action above are re-iterated.

I suppose, in fairness, that it should be mentioned that not all Internet diallers are malicious. They are commonly used to access web content or services where they are valued as safer or more anonymous alternatives to traditional payment methods such as credit cards. Some give very clear warnings about exactly what they are and do make an honest attempt to make sure the user knows what they are installing, often informing about exact charges and asking for verification of eligibility and intention on numerous occasions before they will run.

Improper Internet diallers, on the other hand will automatically attempt to install themselves without asking for permission. The user won't be warned about the Internet dialler's installation, nor about the costs of the 0900 number (unless they bother to read the entire lengthy, legalese warning in the user agreement). Another clue that you have a bad'un is when the Internet dialler's connection window only let's you choose between OK and DIAL.

I suppose the good news here is that you don't really have to worry too much about an Internet dialler being installed as long as:

  1. You're the only one using your computer;
  2. You read pop-up warning windows before doing anything and you don't click things you're unsure of;
  3. Your Browser security settings are properly set to default or higher.

Adjusting Your Internet Security Settings

Adjusting Your Internet Security settings is pretty easy in Windows, and I recommend you go in and make sure that you are at least set to medium level. You can do this by opening Internet Explorer, clicking Tools and then Internet Options. Click the Security tab in the box that pops up, and make sure the slider bar is set at least to Medium. This will make sure you are prompted before any potentially unsafe content is downloaded. It won't stop anyone clicking Okay to an Internet dialler offer, but at least it will mean one can't be downloaded and installed automatically. If you set your Security much higher than Medium, you'll start to find that Explorer becomes overly paranoid, and a lot of web pages will cease to work or load.

How to check whether you might have a nasty Internet dialler installed

1. Check your list under Dialup Networking or Network/Internet Connections (usually accessed via your Control Panel). Make sure there is no new connection installed and if there is that it is not the default dial-up connection.
2.Verify in the task bar whether there is a unknown program running or if there is a new icon installed on your desktop (i.e. a telephone icon). Another clue that a Internet dialler is present is when your browser's home page mysteriously changes (though lots of other nasty programs that aren't Internet diallers can also do that).

Getting rid of Internet diallers

If you have an unauthorised Internet dialler and you're lucky, you may be able to uninstall it yourself using Control Panel/Add Remove Programs. You probably shouldn't count on this though, as these sorts of programs are designed by unscrupulous people to prey on you, and they will resist being uninstalled.

Two programs we've featured before that may help you identify and get rid of Internet diallers (and other Spyware) are Ad-Aware and SpyBot.

Ad-Aware can be downloaded free here: http://lavasoft.element5.com/software/adaware/

SpyBot (Search and Destroy) can be downloaded here: http://www.safer-networking.org/ 

These two programs are principally designed to detect and remove Spyware, though they may also detect and remove malicious Internet diallers if they know about them.

I am not aware of any programs specifically designed to assist with removing Internet diallers, but if you've been hijacked by one, there will be some way to get rid of it. If you find yourself stuck with one you can't eliminate, let me know and we'll see if we can find a cure for you. 

Can calls through 0900 numbers be avoided?

It is possible to ask either Telecom or TelstraClear to block access to 0900 numbers from your line. It is also possible to purchase and download specialised programs which will protect your computer from suspicious installations, but none of these things are a substitute for common sense and normal precautions. Telephone companies don't tend to have a lot of sympathy when they are contacted about this particular problem, so if it happens to you, don't count on getting your bill waived. Our best advice is to be careful what you click while online, and mindful of who is using your computer to access the Internet.

More information can be found at the following sites:

http://www.0900info.co.nz
http://pcworld.co.nz/pcworld/pcw.nsf/0/13e75510835f8b1fcc256cf3000b2d7e?OpenDocument
http://www.pl.net/netnews/remare.htm