back to 878help 
Stay tuned for more on this subject as this story unfolds...Last revised:    Oct. 2005

Poor virus protection, fear of updates and smart minds move this real expensive threat into our area. It has struck before as early as 1996-97 in the US and Canada (see links below; these links provided are for your information only, as no one could tell me where to find any! Deighton claims no ownership, rights or privileges associated with the articles. Use them at your own risk )

This carefully thought out scam could bring direct profit for at least four different types of companies, with spin off effect work for many others, PAID indirectly from Internet users (or phone line owners) with a functional phone line connected to their PC or network.

Possible direct profit for:
1 - Global Internet content providers or Adult material providers
2 - Global Computer programmers whom write this malicious software code
3 - Global Independent money exchange companies or Internet payment companies
4 - Global Long distance AND telephone companies as they're the ones you pay
Possible spin off work for:
5 - Global anti-virus and other Internet intrusion tool companies
6 - Local computer technicians/consultants as the computers will have to be *cleaned* and updated
7 - Local media as it makes front page news and sells more advertisements
8 - Local telephone companies as they offer *protection* products 

 

Local stories from KawarthalakesThisWeek

Net scam nets $300 from city resident

Phone scam hikes woman's Bell bill    Added May 22, 2002, Internet scam costs Dunsford family $2,000

The following message is a reminder brought to you by Bell Canada and the Canadian Association of Internet Providers

Sympatico - Smart Surfing

Yet more info on the subject found by searching the newsgroups:

 CGA Magazine - October 1997   adult_scam   AT&T -- Porn Merchant 

Long Distance Phone Scam Hits Internet Surfers

Consumer complaints about AT&T Billing Disputes

Consumer complaints about dialer.exe    Speed Dialers

Welcome to Next Gen Exchange    ebs Electronic Billing Systems AG-Online Payment Systems

FIX Java Security Issue Allows Access to ActiveX Controls

JS_EXCEPTION.GEN - Description and solution

LincMad International Telesleaze Prefixes        TELECOM Digest and Archives

SCAM SHIELD - Protecting Citizens With Knowledge    ScamWatch

Telecommunications Industry Ombudsman Public Area FAQs ADR

Added May 21, 2002,  ICSTIS, an Independent Committee for the Supervision of Standards of Telephone Information Services, regulates the content and promotion of premium rate telephone services in the UK, maybe Canada needs one of these?

Computer Associates info on W32.PornDial 

Added May 31, 2002, After a fresh install of IE5 (before any patches were installed) at a customer's site, I had the dialler program popup and asked to be downloaded and installed. This was preceded by a whack of instances of New IE windows that had no X to close them. This was.initiated by visiting a website address for lyrics!

My personal encounter with this thing...

Early April 2002, a customer called my office wondering how long distance, over-seas phone calls were being made from their computer. The calls cost them $550.00 !!! I investigated it on the Internet and found similar happenings in the US in the fall of 2001. I followed up with an on-site service call to my client's home and found no traces of any 1-900 dialers or any traces of on-site porn activity in the browser's history (I thought the youth had covered their tracks). The youth in the home denied going to any adult websites (typical) and said that they only used the Internet for chatting on Yahoo and emailing thru Hotmail.

I advised my client that the calls were probably made from their computer while visiting adult content websites and that they should dispute the charges with the phone company (it is illegal to sell adult material to youths isn't it???). The phone company said that the calls were made from their home, and they were responsible for payment. My client couldn't use their phone to make long distance calls until this phone bill was paid, so they reluctantly paid the bill (ouch!). 

REVISED Oct 2002, October I get similar dialer [sic] installs on 3 office computers over the network in Aurora; a Toronto student; a funeral parlor near home.

REVISED July 2002, July finds a dialer on a local youth's machine looking for song lyrics; on an older couple near or past their silver (50th?) ; found it on another local youth's machine.

REVISED May 21, 2002 I had another look at this computer and found that there was a dialler [sic] program installed (the icon for this was a close-up of an eye, with the filename xxx[1].exe), as well as a shady ActiveX control, email me if you would like the particulars on these.

Later in April, another client mentioned something similar happening so I called the local Police station, and left a message with the Inspector's extension. A few days later, the local newspaper had a front page article on the scam. I again called the Police station and I offered free help in the matter and told them I would let them know when this page was on my website.

Again I hit the Internet and found www.phonebusters.com , there was no info on the site directly relating to this type of incident, so I emailed them with some of the details and followed up with a phone call to them. 
The person on the phone said the problem wasn't wide spread in our area and that I should have my client call them to report the incident directly. Phonebusters couldn't refer me to anywhere that I could find more info on the subject (argh!, thus I began this article)

It *looks* like this scam is initiated by receiving bulk/junk/spam email that most of us get in our Internet email. You may remember getting one of these, an email that instantly opens your browser and takes you to new unwanted website address? I fired up my kid's PC and their Internet browser took me directly to an adult website that displayed other adult websites claiming of free adult material. As a child in entering adulthood, their curiosity led them to click on a link that promised free pictures of adult content. This website popped up other windows of adult websites and tried to install a virus on their computer that could do many things to the machine (JS_EXCEPTION.GEN).

1 - the virus sets your Internet browser to delete all history of where you have been online
2 - added adult content sites to Internet Favorites in Internet Explorer
3 - changed the start page or home page of IE to adult content site
4 - installs a fake dialer in Dial Up Networking
5 - makes PC go online as soon as it is restarted using private DUN connection to pay per minute connection
6 - can hang-up your current Internet connection and dial pay per minute connection fast without you noticing it
7 - installed the dialer on the desktop as an icon

I wondered why their anti-virus software didn't catch this, so I opened up PC-cillin (the Trend Micro anti-virus software installed on their machine) and checked that the virus definitions were up to date, it was successfully updating.
Next I looked at the virus log. This showed me that the virus had been blocked on a dozen or so times previously, but it was allowed to pass on Apr. 23 (could have been a friend that didn't know what to do with the popup virus warning???)

If you have been hit with this scam, call CRTC at 1-877-249-2782, and OPP Phone Busters at 1-888-495-8501.

 

Purchase one of the *better* anti-virus protection systems from TrendMicro at www.antivirus.com.
Trend Micro has this free on-line virus checker that will scan your pc over the Internet: http://housecall.antivirus.com
http://www.antivirus.com/free_tools/ Or you could try McAfee or  Norton 

 back to Deighton