Dodgy dialup changer stuff gggrrrrrrr

[Chameleon]

Hi
My dad just got called by BT to check that he knew he'd managed to clock up £300+ of calls since Feb 15th. Erk! By the end of this conversation, the BT guy reckoned my dad's pc had been dialing some number, presumably premium rate or at least really f'in expensive!
I discovered over the phone to him that he had somehow come into a new dialup account in his network setting, a duplicate of the old good one (it had renamed the proper one "normalDUNname(old)". Using a number starting 0088, I presume this is the culprit.
The whole "how the F' is he going to pay this £300 bill" issue aside .........

how the hell do I get rid of this? I checked the pc not long before the 15th Feb. It was fine, dun settings fine, adaware updated, ran and used. Antivirus present and up-dated(ish). I've guided him through manually deleting the dodgy dun, checked his own one is setup right, etc ....... but I doubt it's as easy as that. I expect there's dodgy stuff scattered about the system registry, things loading as services at startup etc.
Help!
Can I take the latest adaware definition file over on a disk?
Are there any programs, adaware stylee, that do a half decent job of finding and removing this specific stuff?
Any other advice?
Come to think of it, what about this whole "how the F' is he going to pay this £300 bill" issue too? Advice greatly received. I pay for his anytime dialup cos he can't afford 0845 tbh, so this £300 bill just aint gonna get paid ...... by him anyway Is there any chance of BT 'understanding' on this? He's been with BT for 30 years. Do we have any legal standing by which we might dispute the call charges?

tia

 

[Shovel]

From a simple legal standpoint: Get the premium number that was dialled you can then look up (probably via Google if nothing else) who it belongs to. From there probably go to Ofcom (or is it still Oftel?) for advice.

These dialler changers seem to be everywhere at the moment, ghastly things. It might be worth phoning BT, telling them you've been scammed (without consent etc.) and - assuming this line is only used for Internet - get them to block line access to anything other than 0845/0800. Also, ask if BT has a policy regarding these dialups, since you wont be the only customer to get duped they may be prepared to get involved in the hunting down and flogging of the perpetrators. Maybe.

 

[Chameleon]

Thanks for the reply shovel.
I did ask him to read out the dodgy number, as it was stored in the DUN settings. A search on it comes up with nothing at all unfortunately. I would not be at all surprised if this was actually not the number it was in fact dialling, but we'll see ........... as BT have said they are going to look into the number, presumably from the call records, as my dad didn't know how to find the number from the pc at the time.
The BT guy apparently said to my dad "this is happening to a lot of people lately", as you also suggested. BT guy also said (when my dad asked "so who is liable for all this"), "unfortunatley sir, you are", which worries me. I can see where they are coming from, but being BT, I kinda hope they might be understaning on this, in some way. I will obviously wait and see what BT come up with on the number search.
Still not certain how I'm gonna rid this pc of the scum software tbh. Now have AV and adaware latest definitions plus kerio personal firewall on disc for when I go over tomorrow, but any other tips would be welcome.
Thanks again.

 

[Mofo8]

I find Spybot Search and Destroy to be a bit better than AdAware.

You can get it from: http://www.safer-networking.org/

When I first tried it, it found a hell of a lot of stuff that Adaware hadn't, plus it's got an 'Immunize' (sic) function which prevents known nonsense from getting on the PC in the first place.

(EDIT) Oh.... and tell your dad to stay away from the porn

 

[Chameleon]

Thanks, have added spybot to my magic CD for tomorrow If he'd been looking at porn, I'd understand, but other than clicking the wrong 'close this window' button on a porn pop up, it aint that. Suffice to say tho, he's getting Kerio personal firewall installed tomorrow on IF IT AINT IE OR OE, GET LOST! setting

 

[babs]

0088 is an international dialling code, and could either be Bangladesh or Taiwan if I'm not mistaked.

 

[old.user4556]

I nearly ran into a similar problem with my mobile.

I was (ok ok, i admit) perusing some porn (like 100% of males do) and I was aware something dodgy downloaded. Suddenly, my mobile started to dial some strange number - it had hijacked my mobile over bluetooth as it activated the dialup via bluetooth on my phone. Luckily, I caught it in time.

So for all you bluetooth enabled people - make sure it's off on your phone unless you're using it for a purpose.

I'm sorry I can't help with the current problem, but i've found the quick cure to this is to set "ActiveX controls and plugins" to 'prompt' along with all the other ActiveX stuff. This may be a pain clicking the 'ok' box on the "Do you want to run ActiveX plugins and controls?" prompt you'll get with almost every webpage, but at least when you get a prompt like this in future on 'dodgy' websites you'll know to click 'no' - this will stop any rogue downloads/executions of these diallers from porn sites and such like.

Additionally, I suggest running an up to date Adaware scan almost every day.

G

 

[Shovel]

I know Firefox plugs are getting tedious, but in all honesty, it would keep you safe witht this kind of thing, since you get prompted on each executable. If you don't have a day-to-day need for the proprietry behavior of IE, it might be an idea? mozzila.org, as usual.

 

[Tom]

BT should:

Bar international calls (until you phone them and ask otherwise)
Bar premium rate numbers (ditto)

Also, seeing as these numbers are clearly being dialled without the user's consent, a large company like BT should just refuse to pay the vendor, and not charge the caller.

 

[Shovel]

Agreed, such things should be checkboxes on your application form.

 

[xane]

My father also got scammed by this, he also ran up a huge bill.

You can phone customer services (150) and block premium rate numbers (090) or just adult premuim rate numbers (0909) instantly. Unblocking takes about a week. No charge for either service.

You cannot block international numbers in the same way. You can get a blocking service from BT for an additional £1.50/month, this can be used to block any number or dial prefix, premium (090) or international (00) included, and also gives you a PIN code to override the block if you want.

I am sorry to say Antivirus or Firewall software will not help. The scam involves either editing the RAS phonebook thereby changing the number dialled by your Dialup Networking settings, or the nastier one is an IE plug in that lets you dial your ISP and then silently drops the line and redails, usually from a pool of premium rate numbers (obviously the subscribers to the scammer's service).

Antivirus software will only spot "registered" trojans, in both cases of an edited dialup or plug-in there is no virus binary executable as it is using existing code (either the Windows Dialler or IE). This is why you need software like Ad-aware or Spybot as many types of "trojan" are not considered malicious, just privacy-invasion.

Similarly the Firewall wont intervene to block outgoing traffic from the scammer's code as neither the Dialler or IE will be blocked from accessing the "internet" (actually the scammer's portal in this case).

The watchdog and government guidelines limit premium rate calls to £20, but the redialler simply redials (silently) after a set time limit to avoid this, blatently in violation of the intent of such a rule (to prevent excess call charges).

You can get a list of the premium rate numbers called from BT and go to the watchdog sites to look them up. Most will be foreign tax-haven companies that are completely out of bounds of any laws. The stupidity of BT allowing a San Marino company to administer a premuim rate service in the UK seems unbelievable at first, especially when you find out BT actually pay them _ahead_ of the calls, i.e. they have a license to take the money and run.

 

[old.user4556]

Glad im not on dialup anymore

 

[Chameleon]

BT have now looked into it and although I don't know the full ins and outs, I do know they have told my dad he should contact his ISP about the liability for the call costs. This is just ridiculous of course ..... he could have had 5 seperate internet accounts with 5 seperate companies installed on his pc at the time this happened, it wouldn't make any one or all of them liable for the scam or the costs. I can't point the finger straight at BT either, to be fair ...... but then me or my dad have done everything that could reasonably be done to prevent this too, so can't be blamed for it either. It's now £600 by the way and it wasn't since the 15/02, it was only from the 24/02 .... so with the pc being down yesterday since the call from BT, that means £600 was clocked up in one day, the 24th!!! They have apparently put a ban on international and premium rate numbers from his line, which should help for the future.
Xane, if you don't mind me asking, how did you/your dad resolve the call charges cost thing? Could you pm me, if you'd prefer not to go into details here about it?

 

[Xavier]

I'd go for firebird too, the popup blocking would be pretty useful to prevent future shenanigans of a dialup-changing nature.

What you could also consider doing is using the user policy editor to lock down dialup configuration. That way even if a dialler chooses to run, it can't create a RAS entry to dial.

Xav

 

[Tom]

Chameleon, I would do the following:

a) not pay for the premium rate calls
b) contact OFCOM
c) contact BBC Watchdog

You should also take steps to isolate whatever program caused your computer to make these calls. I'm no expert, but there will probably be resources on the internet where you can find out how to do this.

BT will insist you pay the bill, drag it out with them for as long as you can. Contact your local newspaper, make yourself as loud as possible. They will prob ably demand a compromise in the end, and you might not end up paying the full bill.

Good luck.

 

[~Yuckfou~]

......but being BT, I kinda hope they might be understaning on this, in some way.

If you are going to make comments like that you should warn people, I've got to get a cloth now to clean the coffee off my monitor.

 

[Chameleon]

If you are going to make comments like that you should warn people, I've got to get a cloth now to clean the coffee off my monitor.

heheh sorry bout that
Just been over and wiped all the nasty stuff off, etc. Spybot did find a few thigns that adaware didnt, so gg on that one, ta.
Xane, I did change user access levels so he was just a 'grunt', but it still allowed him to copy/duplicate dialup accounts. This is one of the steps this dodgy program thing did, so I'm not entirely sure if this will help to prevent it or not. I couldn't find an area in windows that let you, in quite a detailed way, set what you want each type of account to do or not do. Is there an area im missing or a program/powertoy I can install which allows me to do this?
Thanks again all for your help and advice. BT apparently know about the problem, it's happening to lots of people, they are investigating the number/situation, etc ........... so we'll wait and see now I guess.

 

[WPKenny]

Not to put a downer on things but, I can't see you having much luck to be honest.

These guys will quite often just rent space on someone's switch to pass and process the calls so the party responsible can remain anonymous.

BT don't pay them when you pay your bill either. They'll most likey do 7 days of traffic and get paid for it, week after week. So BT have already paid these guys their money weeks or months before you get your bill and the only way they'll get their money back is by chasing the people they paid.

This is why BT are so reluctant to waive your bill since they've already forked out for it. Especially if there's a surge of these dialers about right now, it would mean BT losing a ton of money and what sensible business would volunteer to do that?

 

[Chameleon]

It's a difficult situation for all involved, it's true. I don't blame BT entirely, but they are at least as much to blame as my dad is. The last conversation with BT included a statement from them along the lines of "we wont be able to make an adjustment to your bill until your May bill", so I'm hopeful but sceptical at the same time. When I left last night my dad was in the midst of writing to BT, his isp, the industry regulator, the prime minister ... the list goes on. He seems to think the FBI need coping in too heheheh We'll just have to wait and see, but I don't expect anything to happen quickly.

 

[Tom]

The fact is, you got scammed. With whom does the responsibility lie?

This is the question that needs answering, by ISPs, BT, NTL, etc etc.

My take on the situation is that BT have allowed this practice to go on. Therefore, they are at least partially to blame, and I would not pay them anything until they accept that.

 

[xane]

I can see this coming out as a big issue soon, as BT have sat on it too long.

The quick fix solution mentioned for premium rate numbers to be "opt-in", including international numbers from those countries that cannot block redirection to a premium rate (another similar scam used before on mobiles).

Unfortunately the prevalence of premium numbers used by various TV shows, like the "reality" programs and music channels, will mean they'll oppose it.

BT are dragging their feet on this one, I hope the watchdog comes down on them hard.

 

[WPKenny]

It's not just BT though is it? People out there use NTL, Tiscali, Tele-2 and all sorts for their phone lines. They're just delivering calls, why should it be up to them to check whether the person meant to dial that number or not? They'll have flags on their system that pop up when things like this happen but with millions of customers it's not the easiest thing to monitor. Usually by the time it's noticed, the money's already been handed over to whoever's responsible for the dialer and they've scarpered because of the short billing periods involved that I mentioned before.

I work in telecoms and from my encounters these guys rarely operate for more than a month or two and it's very cheap and quick to set up so they can bounce around all over the place and rarely get caught, even in the UK. They are, however, mostly operated outside the UK and so it's not worth BT or Tele-2 or whoever chasing them as, legally, they'll get no where and that's IF they catch up with the people responsible.

 

[Xavier]

BT won't take responsability, even if they're also the ISP - all the dialup/bb user agreements I've seen state that they accept no responsability for damage, or loss - physical, financial or electronic, due to anything beyond their own network.

Chances are, the dialler sprung up from any one of a squillion IE exploits or maybe even from one of the many security warning popups and he clicked the wrong button... There's even a nasty email virus or two out there which has been known to do it, so unless you had concrete evidence that his settings were changed by BT or his ISP the liability remains his own. Sorry, but that's how it works.

Xav

 

[Chameleon]

Oh I'm under no illusion about BT's legal liability, as the law currently stands. They do seem to be taking action however (they have said this is something a team have been looking into for a while, for a start). They're not faultless in this, which even they must admit. It'd be nice if they wrote the entire thing off (a mere drop in the ocean for a company their size, even if they did it for everyone who'd been effected), but in the mean time, this entire thing needs some serious action taken to counteract it in the future ...... meaning someone has to take responsibility for it ..... and it aint gonna be the home user.

 

[Xavier]

Well, fingers crossed as an act of goodwill they at least make some kind of gesture...

 

[Tom]

Measures need to be undertaken to ensure that this kind of thing is stopped. BT don't appear to be doing much about it. Therefore, some of the blame can be laid at their door.

Banks only allow you to withdraw £200 a day from their machines. There is a very obvious reason for that, and its a good idea. There is no real distinction between having your bank card copied, and hacking somebody's computer, the end result is the same - you're out of pocket. Its the same with mobile phones, they impose a credit limit on new accounts, if you go over that limit, they cut you off (until you pay up).

BT should be doing the same. As for television programmes using premium rate lines, it wouldn't really be too hard to limit their numbers to a certain 'window'. For example, they could only use 0845 xxx 000 to 0845 xxx 100. Then BT would impose a blanket bar on all premium rate numbers, and at least give you the option to opt in to only the numbers I just gave an example of, and opt in to other numbers if you wanted that as well.

Its not hard, they could have done it 15-20 years ago when they started using system x.

Another option is for them to only allow UK-registered businesses to use premium rate lines, and only businesses that have been vetted by OFCOM.



/edit: are premium rate 08 or 09? :touch:

 

[Xavier]

BT DO impose maximums, they're known as your call limit and every contract has one. They do however state that if you've been a customer of theirs for a long period, and pay all your bills, that this limit will gradually be raised without any written notice. It's put across as if they're trying to help, but of course it just boils down to them giving you more and more capacity to spend.

Any customer can call BT and ask for a lower limit to be imposed and fixed.

On a slightly different note, I'm not sure if anyone is in the same boat as us, but we only use our landline to pipe the DSL in, and thus have our BT line on the lowest possible tarrif... we thought you'd be able to request an incoming-only line for this purpose, which costs about a third of the next cheapest option, but some clever dick already spotted customers may do this, and their contract terms bar any incoming-line customers from having ADSL broadband without first converting the line to a full contract jobbie.

Teh suxx0r.


//edit - mostly 09 I think, but the dialler we're discussing in this thread is 00 - international. :/

 

[Tom]

Chamelion, try Otelo (industry ombudsman)

http://www.otelo.org.uk/content.php?menuID=25&pageID=10

 

[Xavier]

Just found this while trawling the interwibble.

It's called Geek Superhero and sounds perfect for protecting the PC from future b0rkage. The app basically sits and monitors areas of the PC where apps can change key settings... c+p from their site is below

• Geek Superhero protects your web browser's home page and other important settings.
• Helps your computer start faster by keeping unnecessary things from starting every time you start Windows.
• Keeps you from having your modem's phone number changed to dial expensive pay-per-minute numbers when connecting to the Internet!
• Catches many of the changes a virus, worm, or trojan program will make to your computer.
• Prevents programs you install from adding new icons or favorites that you don't want.

Will have a read up and see if there are any known issues with the app, but for the monitoring of dialup settings alone it could be worth a try.

Xav

 

[Chameleon]

Thanks again for all the replies. He has emailed and written to practically everyone imaginable, including those suggested in here, so thanks. No news yet, but it's looking a little more promising than I originally thought. We'll see. Oh, neither scotland yard nor the FBI wanted to know btw heheh
I've now put him on nildram broadband, so he's happy as a sandboy and I don't have to worry about it happening again
Incidentally, when I installed the latest version of kerio personal firewall, the first time I tried to dialup, it asked me if 088123456 (or whatever his isp tel number is) was to be set as a trusted dialup number or not (or something similar), so had this been installed at the time, kerio would have recognised the change in dialup number and asked him to accept or deny the new number. A great feature I think ..... I only wish he'd not somehow disabled and removed kerio the first time by randomly pressing things! You live and learn I guess