Dialing Up a Scam: Avoiding the Auto-Dialer Virus

For many, the daily walk to the mailbox evokes mixed feelings: The glee that your favorite monthly magazine – or a friend’s hand-written letter (quite a surprise in the e-mail age) may be waiting is countered by anxiety of how many bills the postman left you.

Now, imagine coming across your phone bill, thicker and heavier than normal. When you open it, instead of “statement stuffers” from the phone company’s marketing department, the bill is dozens of pages long ending in a one-month total of almost $5,400.

A quick glance at the details reveals hundreds of calls to the same 1-900 number. “A mistake,” you insist. After all, you're the only person in the house and you have never called a 900 number before. Actually, this is no mistake. In this true story, the homeowner had fallen victim to one of the oldest computer scams around: the "Auto-Dialer" virus.

How Did This Computer Security Nightmare Begin

What is an “auto-dialer”? Some time ago, the phone companies came up with a feature that allowed merchants to reach a broader range of customers by allowing consumers to make payments via your phone bill. If you did not have a credit card, you just dialed a 900 number, connected by voice or modem (for Internet sites). Every minute you used the service, you were charged a fee ranging from $1 to $5 or more per minute. At month’s end, the charge appeared on the phone bill. Many services were legit: Consumers called weather, horoscope and gambling services offering this feature. But many merchants sold expensive phone or online adult content.

How Did An Auto-Dialer Get Installed

But how did $5,400 in charges end up on the person’s phone bill? Although many of these services require the user to physically dial the number or connect to the online site by instructing the modem to dial the number, this can happen without the user’s knowledge. In the above case, the person’s computer was infected with an auto-dialer virus. Somewhere during his Web travels, he connected to a site that popped up a rather confusing message instructing him to "Hit OK" to make the message go away. What this person didn't know was he was agreeing to download, install, and execute an adult content auto-dialer.

Behind the scene, the auto-dialer installed itself, checked for the presence of a modem and dial tone, and then proceeded to dial an overseas 900 number over and over again. Even though the man surfed using an always-on broadband Internet connection, the modem remained so he could send and receive faxes. One problem: When he wasn’t using the modem, it remained plugged into the phone jack. Why should he have unplugged it? It's not like it could hurt anything, right? Wrong.

How To Protect Yourself

Unfortunately, there is no single solution to avoid these types of malicious acts. A short list of protective measures would include:

· If you no longer need a modem in your computer, remove it. Or at least disconnect the phone line from the modem;

· Install anti-virus software such as Trend Micro or Symantec's Norton Anti-Virus. Many are designed to prevent this kind of malicious software, or “Malware.” More importantly, make sure your subscription for new virus patterns is current and configured to automatically download and install updates;

· Install and regularly run Adware protection solutions such as LavaSoft's Ad-Aware or SpyBot Search & Destroy;

· And do not, under any circumstances, blindly hit “OK” to pop-ups or similar annoyances without first making sure what you are agreeing to.

This tale is not fiction; in fact, it happens frequently, to businesses and consumers, kids and adults. But even the least savvy among us can thwart such an attack. A neighborhood teenager recently avoided potentially thousands in fees when an auto-dialer was downloaded and installed. How? She had unplugged the modem.

Conclusion

As I mentioned earlier in the article, this story is not based on fiction. This really happened to someone I know and I've seen it more than once. In fact, about three months ago I found a similar situation occurring on a computer that belonged to the daughter of a local business owner. Luckily, the young lady had disconnected the phone line because she needed it for a regular fax machine.

We are working hard to develop a site that will provide the home user and small business owner with all of the resources necessary to defend themselves on the Internet. In addition to Internet Defense, DefendingTheNet.com will offer secure services and solutions that will make your life easier, provide you with information and guidance, and help you to manage your technology in a secure fashion.

Many of the services we will offer will be free of charge to all our visitors. Others will be available for nominal fee's. Regardless of the service or solution you may be interested in, the links on the DefendingTheNet.com homepage will provide you with detailed information about the service, product, or solution while the site is in development.

In the meantime, we encourage you to sign-up for our Free computer security newsletter. The newsletter will keep you informed of the status of the sites development and provide you with incredibly interesting computer security facts, articles, real-world stories (or nightmares in some cases), security alerts, what you need to be concerned about, and will do so in easy to understand language.

If you have any questions and would like to contact us please e-mail us at defendthenet@paralogic.net.

online charity scams