If 2004 has seen one major change to the Internet security landscape, it’s that a significant proportion of today’s malware installs software that opens up your computer for others to control. There’s money to be made from compromised PCs, it seems. Alex Shipp dials-in to the latest software scam.

The ideal compromised PC is one with an always-on, high speed broadband connection. Groups of such PCs will be traded, and can be used for several nefarious purposes such as DDoS attacks (particularly on Internet betting sites), password cracking and sending spam.

However, it cannot be assumed that low speed modem connections are safe. In fact, users may be at even greater risk than if they had broadband access.

A nasty little scam is currently gathering pace. Cyber criminals are secretly installing dialler programs on to PCs. Such programs change the number the computer uses to dial-in to the Internet from the normal, cheap rate access line to one that costs upwards of £1.50 per minute. This can result in a company receiving a much larger than expected telephone bill, particularly if the Internet is accessed on a regular basis. BT recently stated that it holds 19,000 disputed telephone bills totalling more than £2,000,000.

‘Legitimate’ dialler programs

The waters become muddied here, because it’s very difficult to prove that the dialler was installed without the prior knowledge of the user or owner. There’s a whole class of ‘legitimate’ dialler programs that can be installed on request, and which allow access to premium rate sites (more often than not sites with adult content).

These ‘legitimate’ diallers display a message informing the user that the connecting telephone number will be changed, and state the new rate charged. The user is then asked to click to confirm that they want the installation of the dialler to go ahead.

If the person using the computer carries out these steps, then – technically speaking – nothing illegal has happened, and there’ll be a big telephone bill. However, if the dialler’s installed without the user’s knowledge, it’s likely to represent an offence under the terms of the Computer Misuse Act and there may be some legal redress.

Unfortunately, it’s all-too-easy for this to happen. There are flaws in common operating systems that allow this kind of violation, even by simply visiting a ‘poisoned’ web site. At the time of writing, even fully-patched systems are susceptible, while unpatched systems aren’t difficult to compromise.

Prevention is better than cure

So what can security and IT professionals do about all this? First, prevention is better than cure. It’s possible for network operators to bar access to premium rate lines on request. Although free, this solution may not go quite far enough as some of the phone lines the scammers use will be abroad. If foreign calls never need to be made, or if a separate line has been provided for the Internet, a provider can then bar access to foreign calls. This service has to be paid for on a monthly basis.

The second solution would involve network operators setting a call level on a particular line. Once the set limit has been passed, no further outgoing calls can be made. In addition, many systems report the number being dialled when connecting to the Internet. As an additional measure it’s worth keeping an eye on this. If it changes, it may be because a dialler has since been installed. If the number isn’t displayed, then the number the computer uses to dial-in to the Internet should be checked regularly.
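
The regular check of the dial-in number can be scripted. The following is an added example, not part of the original article: it assumes the connection settings sit in an INI-style phonebook file such as Windows' rasphone.pbk, and the sample entries, the approved list and the UK prefixes used (09 for premium rate, 00 for international) are constructed for illustration.

```python
import re

# Constructed sample in an INI-style phonebook layout (assumed to resemble
# Windows' rasphone.pbk): one [section] per connection, PhoneNumber= inside.
SAMPLE_PHONEBOOK = """\
[Office ISP]
PhoneNumber=0306 999 0123
[Backup ISP]
PhoneNumber=+44 306 999 0456
[Internet Connection 2]
PhoneNumber=0909 879 0123
[Fast Access]
PhoneNumber=00 1 555 0100
"""

APPROVED = {"03069990123", "03069990456"}  # assumption: the expected numbers

def normalise(number):
    """Reduce a dial string to digits, mapping a UK '+44' to a leading 0."""
    digits = re.sub(r"[^\d+]", "", number)
    if digits.startswith("+44"):
        digits = "0" + digits[3:]
    return digits.replace("+", "00")

def classify(digits):
    """Label a normalised number; anything not approved needs a look."""
    if digits in APPROVED:
        return "approved"
    if digits.startswith("00"):
        return "international"
    if digits.startswith("09"):
        return "premium-rate"
    return "unapproved"

def audit(phonebook_text):
    """Return (entry, digits, status) for every number that is not approved."""
    findings, entry = [], None
    for raw in phonebook_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            entry = line[1:-1]
        elif entry and line.lower().startswith("phonenumber="):
            digits = normalise(line.split("=", 1)[1])
            if digits and classify(digits) != "approved":
                findings.append((entry, digits, classify(digits)))
    return findings

for entry, digits, status in audit(SAMPLE_PHONEBOOK):
    print(f"{entry}: {digits} ({status})")
```

Run on a schedule against the real phonebook file, any output at all means a connection now dials a number nobody approved, which is the change the paragraph above says to watch for.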

Many people only discover that they’re a victim when they receive their next phone bill – by which time, of course, it’s too late. Security products such as anti-virus software or specialist anti-Trojan programs can help to detect and remove unwanted diallers. As an ongoing rule, anti-virus systems should be kept up-to-date, and operating systems patched.

ICSTIS: a port of call

For those unfortunate enough to become victims there are various actions that can be taken to redress the balance. Currently, the National High-Tech Crime Unit isn’t carrying out any investigations into illegal dialler installations, but that situation might well change in the future (in particular if the number of cases of such ‘attacks’ continues to grow). Instead, the Unit advises security managers to contact ICSTIS (the Independent Committee for the Supervision of Standards of Telephone Information Services).

The ICSTIS boasts small staffing numbers, and is being overwhelmed with complaints concerning premium rate diallers. Only recently, noises were made that the DTI hasn’t given the organisation sufficient power and resources to tackle the problem effectively.

As you might expect, the ICSTIS can also be contacted online (at www.icstis.org.uk). The web site contains a good deal of useful information – including lists of numbers already under investigation – and is well worth a visit. Since the unauthorised installation of diallers is technically a crime under the Computer Misuse Act, it can also be reported to the local police and their specialists in computer-related crimes. That said, enquiries may well be referred to the ICSTIS.

Contact your service provider

It’s also worth contacting the service provider, and asking them to waive all or part of the bill. They’re usually very reluctant to do this, so persistence is required. It may help if the number is already under investigation by the ICSTIS. If the provider doesn’t help then the bill may have to be paid and the money claimed back retrospectively. It’s sometimes possible to contact the provider of the premium rate service in an attempt to claim back the money. If the provider is under investigation then the ICSTIS web site may contain contact details.

A further option worth consideration is the Small Claims Court. Local Citizens Advice Bureaus will be willing to advise on this. Making a small claim will involve paying a Court fee (itself dependent on the level of the claim), but this is refundable if the case is won by the claimant. Copies of all correspondence must be kept if the Small Claims Court is to be used.

The illegal installation of such dialler programs is on the increase, and is yet another example of cyber criminals taking advantage of other computer users’ resources to make a profit. The positive news is that awareness of this issue is growing, and as a result it’s being taken seriously.

It’s always advisable to try and avoid being caught out in the first place! That being the case, it’s imperative that computer users and businesses know what to do if the worst should happen so that they stand a chance of not ending up seriously out of pocket.