Trojan Diallers - An interesting development.



godfather
22-07-2004, 11:57 AM
It might be of interest to follow this thread from the US (http://forums.techguy.org/showthread.php?t=224491)

It's a developing situation that looks like it's getting closer to being resolved.

It's a long thread, but well worth a read for those that have been following the subject of trojan diallers and unwanted phone bills.

mikebartnz
22-07-2004, 01:56 PM
Good post. It is worth warning people about the drive-by dialers.
I like my external modem. Much easier to hit a button instead of having to unplug the cable.

PaulD
22-07-2004, 05:34 PM
Why do Telecom and Telstra even co-operate with the 0900 numbers that crop up? Any hint of dodginess should result in the number being blocked.

leshibbard
22-07-2004, 05:36 PM
Interesting, as I appear to have a "Trojan Horse Dialer 9 A F", located by Noadware virus check.

AVG doesn't seem to want to immunise it!!

Any help on eradicating same would be appreciated.

A Dial-up Cook Island call cost me $29.00, but Xtra have put a block on that one.

Thanks,

Les 3

Jim B
22-07-2004, 05:44 PM
> A Dial-up Cook Island call cost me $29.00, but Xtra
> have put a block on that one.

Would be interested to know how Xtra can prevent your modem dialing a number other than the Xtra dialup number.

godfather
22-07-2004, 08:05 PM
> Would be interested to know how Xtra can prevent
> your modem dialing a number other than the Xtra
> dialup number.

Good point.

If they did "facilitate" the blocking of international and/or 0900 by arranging it with Telecom on behalf of the customer, I hope all ISPs enjoy such a close relationship with Telecom.

whiskeytangofoxtrot
22-07-2004, 09:13 PM
> A Dial-up Cook Island call cost me $29.00, but Xtra
> have put a block on that one.

I'll bet that's what the Telecom rep told you.

A number of our customers get told by Telecom that "Xtra don't let you get diallers" which is essentially impossible, just more of Telecom trying to squeeze their monopoly.

supergran
22-07-2004, 09:45 PM
Godfather, I have a 0900 and an international phone block, just in case those diallers hit my puter. The 0900 is free, and the international block costs $2 a month, and if I want to ring International, I just input a four digit pin number to bypass. I thought it was worth the $2 cos it doesn't seem that any of the things on my puter manage to stop everything. Ok, so I have Nortons, Spybot, ZoneAlarm, Ad-Aware, and can't remember what else, lol but to me the block was better to be too safe, than get larger phone bills.

godfather
22-07-2004, 10:21 PM
I do not have a modem in my PC, so there is no need to have a block here. It's not possible therefore for the PC to dial out.

Diallers do not affect ADSL connections.

Jim B
22-07-2004, 10:29 PM
> Diallers do not affect ADSL connections

Unless you also have a dialup modem installed as well and a lot of people do.

leshibbard
24-07-2004, 05:23 PM
WTF thanks for that.

Isn't a block similar to a "Toll Bar"?

Les 3.

PS. Changed Password has now increased the number of Goons harvesting it. 20 today as compared with 3 to 5 a week!!

Les 3.

leshibbard
24-07-2004, 05:26 PM
Jim B, same reply to WTF below your post.

Les 3.

Laura
25-07-2004, 01:16 AM
Les:
That info about changing your password (with adverse effects) is dramatic enough to raise our own concerns, but too short on details for anyone to suggest a work-around.
Would you care to elaborate?

Jim B
25-07-2004, 01:43 AM
Good point Laura.

What are you on about Les, don't understand any of that.
If you have dialers on your computer, changing your password will not prevent their use as they don't use your password when they dial.

leshibbard
26-07-2004, 11:12 AM
Laura and Jim B.

Hope you both watch Fair Go, a recent episode showed a phone customer caught with a $2,000.00 toll account, generated by the same type of Dialer.

My case happened on the 20 Feb 2004 at 13.15hrs and I was rung by Telecom later in the day to see if we had made this call to the Cook Islands phone number given.

I suppose we could have fought for a refund, but Telecom said they would put a "block" on our phone.

"Who in their right mind would want anything to do with the Cook Islands", we were there in 1996 and couldn't get out of the place quick enough!!

Noadware, a free virus online checker has listed a number of Cookies, Yellow Pages, Bonzi and Web Watch files, which AVG hasn't picked up.

AVG has quarantined a Trojan Horse Dialer 9 A F, which has a file reference C:\WINDOWS\SYSTEM\EGCOMLIB_1034.DLL.

Godfather mentioned the "Harvesting" of e-mails and their passwords and selling these onto relevant advertisers.

Used to get only 3 or 4 Spam e-mails a week, but since changing my Password these have now increased to 14 to 22 a day.

As someone else has mentioned, perhaps we should shut down Xtra and go elsewhere, but that means letting a lot of people know of the new ISP. We already have Hotmail and Yahoo.

We thought Xtra had controls on Spam.

Thanks to all those suggestions given.

Les 3.

Chris Randal
26-07-2004, 11:45 AM
A keylogger perhaps?

Chilling_Silence
26-07-2004, 12:01 PM
Keyloggers can be nasty buggers but they're all pretty massive in size and usually easily detectable... I'm yet to see a keylogger written in assembly.
This is of course different if you have a hardware logger :p

Does anybody know if there are diallers out there for Mac/Linux?


Chill.

godfather
26-07-2004, 12:01 PM
leshibbard.

I mentioned harvesting of emails, but it was you that mentioned that your password was being appended to spam emails you responded to trying to stop them.


> Outlook Express e-mails, you too can have a large ..........
>
> Notice when asking for these to be stopped, that one's password appears at the end of one's e-mail address, in plain English.
>
> So Passwords are not foolproof then?
>
> Only went into Google to see what was good for "Cold Hands and Feet" on 26 June and the adult e-mails that have come down since then, you wouldn't believe.

This is why we are concerned about your system, and what's happening.

Such activity (your PC sending your password) indicates a SERIOUS security problem on your PC.
What have you done about it?
It's not normal and indicates an urgent problem, if in fact that is actually happening.
It's not something that I have ever heard of before.

leshibbard
26-07-2004, 04:31 PM
Godfather, only replied to the one adult e-mail, as I had only been getting 2 or 3 various spam e-mails, the others were for medications.

A right click to Properties on unopened e-mail, details and message source, gives the details of my e-mail and the senders details.

Most of the unknown e-mails received are Shift and Delete buttons, straight off the Inbox window.

http://www.rixler.com/download.htm was the site where password changes and lookups were found.

My Password was never sent on by us.

Did I not mention an old work mate's not remembering a password and that we used XTGold software to glean the password?

Thanks Godfather for your help, you and others on this forum have always been a great help.

Les 3.

PS. Another lady friend with Windows 98SE cannot bring up Freecell, it always gives that infernal "this program has ........".

Gave her a copy on 3.5 floppy from which it should boot up, but the same thing happens "illegal op.....".

Will give her a copy of another Win95 Freecell program on floppy and see if that gets clobbered toooo.

les 3.

Billy T
26-07-2004, 05:27 PM
> Used to get only 3 or 4 Spam e-mails a week, but
> since changing my Password these have now increased
> to 14 to 22 a day.

Hi Les

Your influx of spam may not be due to the causes you think. I run 9 email addresses for my business and family and until a couple of months ago I received nothing on my business addresses or any of my family addresses apart from that of my son which had previously been held by another individual in Christchurch and was thoroughly compromised. Regardless, his only received 10-15 per week, mostly XXX sites.

When the Mydoom/SCO viruses struck, the viruses and spam on his address shot up to an unbelievably high daily figure and it was nothing to download 75 or 80 at a time. When the total topped 2500 I invested in Mailwasher to speed up deletion.

As that series of infections developed, slowly all of my email addresses began to collect spam and viruses, no doubt as a result of my addresses being harvested from clients' and friends' computers.

Now I get 5-10 every time I check my accounts, sometimes more, sometimes less but always 15-20 first thing in the morning after the computer has been off for a while. Mailwasher is a blessing and it deals with them all automatically now, only the very occasional one requiring my attention to decide its fate.

The point of all this is that your increased spam etc may be a result of events outside of your computer, and have little or nothing to do with the original adult email etc. Once your address is out there in the wild it may go round and round forever, or until every computer in the world is protected by reliable and up to date anti-spam and anti-virus programs.

That will happen about the time hell freezes over. :(

Cheers

Billy 8-{)

leshibbard
28-07-2004, 05:34 PM
Thanks Billy T, things have been (should I say it) quiet over the last few days.

Perhaps it's because all the Family History e-mails have "first priority".

17 yesterday and 22 today, not that there is much info. concerning my Family research.

I typed my name into Google and came up with a few hits, wondering if this is where the e-mail address is being harvested from.

How did you get on with your research? I am stuck at 1685, 6 times Great Greats.

Regards,

Les 3.