Check Your Dial Up

Discussion in 'The Front Room' started by xane, Jan 15, 2004.

  1. xane

    xane Fledgling Freddie

    After my father got scammed by having his dial up changed to a premium rate number I have been very wary of what is going on.

    I have broadband, but I still use dial-up for work. Imagine my surprise this morning when I started my work session to see a completely different dial up, with a long telephone number and no username/password.

    I checked my Network Connections, and sure enough my work dial up had been renamed and in its place was an anonymous dial up with no username or password. A quick check of the number showed it began with 00, an international line, then 423, which is the code for Liechtenstein!

    I have no idea how this number got on my machine, I have a pop up blocker and I regularly run a virus checker and Ad-Aware, and I never respond to any of those stupid certification messages.

    Advice for today - if you have a dial up, or you know someone who does, check the number and turn off auto-connect just in case.
  2. Ch3tan

    Ch3tan I aer teh win!!

    xane you really do deserve that column to post your daily mishaps in :/
  3. Cyradix

    Cyradix FH is my second home

    This happens to a friend of mine almost every week.
    But he knows nothing about PCs and surfs to porn sites.... :D
  4. Will

    Will /bin/su Staff member Moderator

    If you are really worried, you can call your phone provider and get a (probably free) block put on premium rate numbers. Especially good for those with kids. ;)
  5. xane

    xane Fledgling Freddie

    This was not a premium rate number, it was an international code.
  6. Will

    Will /bin/su Staff member Moderator

    Bizarre. If it was an international premium rate, it would still be barred. If it's a straight international call, then what's in it for them?
  7. raw

    raw Can't get enough of FH

    Never known of that happening, although I do remember a few years ago one of the directors was on a porn site and signed up to dial in and set all his dialup settings to the free sex one. In the end he confessed in confidence (oops) and brought it to me :D :D
  8. xane

    xane Fledgling Freddie

    Okay, an idea.

    I checked some Liechtenstein numbers and this one is too long, I suspect the extra digits are for some kind of automated service.

    So, I guess that on initial infection the number is redirected to this international one, then next connection it will gain control of the machine and change it again, or install a premium rate redialler on IE.
  9. xane

    xane Fledgling Freddie

    Does anyone know where Dial-Up information is actually held on Windows XP? I have searched the registry but can't find it. Are the Dial-Up connection settings in some sort of file somewhere?
  10. 'Shy

    'Shy One of Freddy's beloved

    Happened to a guy at work also, except he didn't even notice till his bill came in and there was one telephone call on there priced at something like £54!

    He was told by Oftel that it was a virus that downloaded the number and dialled it, and there was nothing they could do about it :(
  11. xane

    xane Fledgling Freddie

    Found it, Dial-Up networking settings are all in a file under
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk
    in a file called "rasphone.pbk".

    This is maintained by an application called rasphone.exe, which is the default application association for .pbk files.

    Apparently there is a buffer overflow exploit in the RAS API application files within Windows, which allows you to add potentially damaging information into the rasphone.pbk file, but in my case the original dial-up setting was renamed, so I think it was some sort of batch file that did it.

    I suspect this might be done from Java, or an IE plug in too.
  12. SAS

    SAS Can't get enough of FH

    In XP you can see the number you're dialing, so I usually check that before anything connects, but saying that, can that be trusted? :/
  13. xane

    xane Fledgling Freddie

    There are options on the Dial-Up Properties to remove username/password and to "show progress", both of these were unchecked, the result being you wouldn't know.
  14. Deadmanwalking

    Deadmanwalking Fledgling Freddie

    On a slightly related note: as I was reading this, (funnily enough) my phone rang. On picking it up I got an automated message with an American accent saying something along the lines of "Sorry to disturb you, this call was designed to be picked up by an answer phone".

    Any ideas wtf that is about?
  15. Brynn

    Brynn Can't get enough of FH

    Yeah, in America they have auto-dialler phones, where they have a recorded message that they play to every number possible in the area code. And they have it designed to go on the answering machine, so there is no human interference answering questions about it, or to possibly hang up on it. So if it gets to the answering machine it can give all its information without having to have many variables depending on what the human is asking.

    Does that make sence?
  16. Panda On Smack

    Panda On Smack Can't get enough of FH


    the irony of the word 'sence' in that question
  17. xane

    xane Fledgling Freddie

  18. Will

    Will /bin/su Staff member Moderator

  19. dysfunction

    dysfunction FH is my second home

    Would probably be best to set up another fake Dial Up account and set that as your default. Then have your real dial up account as just an extra.

    Then whoever is changing the number will change the default dial up but your real one will be unaffected...

    I've not had this problem but you could see if that tactic works.
  20. xane

    xane Fledgling Freddie

    As it happens I do have a few dial-ups, one is my work and another is my regular broadband ISP which I can use if DSL goes down.

    It only changed the lowest alphabetically. What is very curious is that it renamed the old one first and left it there!?
  21. dysfunction

    dysfunction FH is my second home

  22. xane

    xane Fledgling Freddie

    Just to pimp this warning again, because I think it is important everyone checks their dial-ups, and consider those friends and family as well.

    I phoned 150 (BT Customer Service) today and got premium rate numbers (090) blocked on my phone, however I enquired about international numbers and I was told the only way to bar them (together with a PIN to unlock it) is to subscribe to an extra service costing £1.50/month.

    Premium numbers can still be costed under the ban by using international calls, so maybe what we need is a check against the rasphone.pbk file to ensure it has not been updated.
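
Added example, not part of the original thread: one way to run the check on rasphone.pbk that the post above asks for, flagging unapproved or international/premium numbers and hidden dialing prompts, plus a hash to detect changes. The sample phonebook and its numbers are constructed, and the key names (`PhoneNumber`, `ShowDialingProgress`, `PreviewUserPw`) and the approved-number list are assumptions to check against your own file.

```python
import hashlib

# Constructed sample in the INI-style layout of rasphone.pbk (not a real phonebook).
SAMPLE_PBK = """\
[Work (old)]
PreviewUserPw=1
ShowDialingProgress=1
MEDIA=serial
DEVICE=modem
PhoneNumber=08450000000

[Work]
PreviewUserPw=0
ShowDialingProgress=0
MEDIA=serial
DEVICE=modem
PhoneNumber=00423000000000
"""

def parse_pbk(text):
    """Return {entry name: {key: [values]}}; keys such as DEVICE can repeat."""
    entries, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = entries.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.setdefault(key, []).append(value)
    return entries

def audit(text, approved_numbers, risky_prefixes=("00", "+", "090")):
    """List (entry, finding) pairs for numbers or settings that need review."""
    findings = []
    for name, keys in parse_pbk(text).items():
        for number in keys.get("PhoneNumber", []):
            digits = number.replace(" ", "").replace("-", "")
            if digits not in approved_numbers:
                findings.append((name, "unapproved number " + digits))
            if digits.startswith(risky_prefixes):
                findings.append((name, "international/premium prefix " + digits))
        if keys.get("ShowDialingProgress") == ["0"]:
            findings.append((name, "dialing progress hidden"))
        if keys.get("PreviewUserPw") == ["0"]:
            findings.append((name, "username/password prompt disabled"))
    return findings

def fingerprint(text):
    """SHA-256 of the phonebook, to compare against a stored known-good value."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()
```

Store the `fingerprint` of a known-good phonebook somewhere the dialler cannot rewrite, and run `audit` whenever the value differs.
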
  23. exxxie

    exxxie Fledgling Freddie

    Just out of interest xane, what firewall and OS are you running?

    I've never heard of this exploit.. just checked my dialup number and it's OK. Going to google to investigate now.
  24. Tenko

    Tenko Fledgling Freddie

    I've come across this one but only when researching some special interest websites :p
  25. dysfunction

    dysfunction FH is my second home

    None of my numbers have been changed
  26. yaruar

    yaruar Can't get enough of FH

    One of the major advantages of dsl, no problems with this scam.

    I've seen pop ups a few times trying to redirect my phone line whilst browsing "research" sites. Although I have quite draconian settings for security on IE on my home PC, so I can see how some people might get the settings changed with no warning (and there are still a lot of people who automatically click on OK without reading boxes which flash up)...
  27. RandomBastard

    RandomBastard Can't get enough of FH

    Makes me glad I don't even own a modem
  28. Wij

    Wij I am a FH squatter FH Subscriber

    How do you post ???/
  29. RandomBastard

    RandomBastard Can't get enough of FH

    using meh router (which OK, if you're pedantic, has an ADSL modem in it, but that's only 1/6th mine)
