Webpage dialed my modem to ?

A German *webpage* dialed out over my modem, when I clicked that I was 18
years old (18 Jarhen). It also put a new Icon on my desktop.

I'm worried I'm going to have a $100 charge on my phone bill for 20 seconds
of a call to God-Knows-Where.

I knew email trojans could do this, but the webpage attack was a surprise.
I am on DSL. The modem was just there for a backup, if/when the DSL line is
down.

Is there an option that would give me a prompt before a webpage does this
again, or block modem calls that do not come from me? I already had the:
Network and Dialup Connections > Advanced > Dialup Preferences set to
"always ask me before autodialing" -but it did it anyway.

I found a new New Connection Icon. The number it called was: 0112463531444

WIN2000 IE6.0 ZoneAlarm Norton Anti-Virus

melvin
Sat Oct 18 21:09:22 CDT 2003

Hello;
Can you explain, how the dial-up-modem was simultaneously
cabled in to the system with the DSL modem? Or rather,was
the dial-up-moden simply occupying a slot on your
motherboard. Thanks for the clarification.
melvin
------------------------------------
>-----Original Message-----
>A German *webpage* dialed out over my modem, when I
clicked that I was 18
>years old (18 Jarhen). It also put a new Icon on my
desktop.
>
>I'm worried I'm going to have a $100 charge on my phone
bill for 20 seconds
>of a call to God-Knows-Where.
>
>I knew email trojans could do this, but the webpage
attack was a surprise.
>I am on DSL. The modem was just there for a backup,
if/when the DSL line is
>down.
>
>Is there an option that would give me a prompt before a
webpage does this
>again, or block modem calls that do not come from me? I
already had the:
>Network and Dialup Connections > Advanced > Dialup
Preferences set to
>"always ask me before autodialing" -but it did it anyway.
>
>I found a new New Connection Icon. The number it called
was: 0112463531444
>
>WIN2000 IE6.0 ZoneAlarm Norton Anti-Virus
>
>
>.
>

Cubit
Sat Oct 18 23:52:48 CDT 2003

The DSL modem plugs into the Ethernet port. The dialup modem is built into
the computer and had dialtone connected to it.


"melvin" <anonymous@discussions.microsoft.com> wrote in message
news:030a01c395e6$031dd7d0$a301280a@phx.gbl...
> Hello;
> Can you explain, how the dial-up-modem was simultaneously
> cabled in to the system with the DSL modem? Or rather,was
> the dial-up-moden simply occupying a slot on your
> motherboard. Thanks for the clarification.
> melvin
> ------------------------------------
> >-----Original Message-----
> >A German *webpage* dialed out over my modem, when I
> clicked that I was 18
> >years old (18 Jarhen). It also put a new Icon on my
> desktop.
> >
> >I'm worried I'm going to have a $100 charge on my phone
> bill for 20 seconds
> >of a call to God-Knows-Where.
> >
> >I knew email trojans could do this, but the webpage
> attack was a surprise.
> >I am on DSL. The modem was just there for a backup,
> if/when the DSL line is
> >down.
> >
> >Is there an option that would give me a prompt before a
> webpage does this
> >again, or block modem calls that do not come from me? I
> already had the:
> >Network and Dialup Connections > Advanced > Dialup
> Preferences set to
> >"always ask me before autodialing" -but it did it anyway.
> >
> >I found a new New Connection Icon. The number it called
> was: 0112463531444
> >
> >WIN2000 IE6.0 ZoneAlarm Norton Anti-Virus
> >
> >
> >.
> >

Robert
Sun Oct 19 05:32:43 CDT 2003

Cubit wrote:
> The DSL modem plugs into the Ethernet port. The dialup modem is
> built into the computer and had dialtone connected to it.

The cheapest solution and one which is guaranteed to work would be to simply
unplug the phone line when you are not using it.


--
--
Rob Moir
Microsoft MVP for servers & security
http://www.robertmoir.co.uk

Cubit
Sun Oct 19 11:56:17 CDT 2003

I have unplugged the dialtone. Thanks for the suggestion.

I guess I'm feeling frustrated. I want MSFT to resolve these problems. I
have some calls on MSFT, so I pay attention.

MSFT has enormous resources. We are led to believe that security has been
given priority, yet the attacks from hackers seem to continue to take their
toll.

I have wondered if other operating systems, such as LINUX or UNIX have the
same vulnerabilities. I suspect the number of hackers who would attack
LINUX or UNIX is tiny compared to those who attack Microsoft products.

Is Microsoft really less secure, or are they just a much bigger target for
attacks?


"Robert Moir" <bofh@mvps.org> wrote in message
news:%23IKpRxilDHA.3612@TK2MSFTNGP11.phx.gbl...
> Cubit wrote:
> > The DSL modem plugs into the Ethernet port. The dialup modem is
> > built into the computer and had dialtone connected to it.
>
> The cheapest solution and one which is guaranteed to work would be to
simply
> unplug the phone line when you are not using it.
>
>
> --
> --
> Rob Moir
> Microsoft MVP for servers & security
> http://www.robertmoir.co.uk
>
>

Robert
Sun Oct 19 12:25:33 CDT 2003

Cubit wrote:
> I have unplugged the dialtone. Thanks for the suggestion.
>
> I guess I'm feeling frustrated. I want MSFT to resolve these
> problems. I have some calls on MSFT, so I pay attention.
>
> MSFT has enormous resources. We are led to believe that security has
> been given priority, yet the attacks from hackers seem to continue to
> take their toll.
>
> I have wondered if other operating systems, such as LINUX or UNIX
> have the same vulnerabilities. I suspect the number of hackers who
> would attack LINUX or UNIX is tiny compared to those who attack
> Microsoft products.
>
> Is Microsoft really less secure, or are they just a much bigger
> target for attacks?

Depends who you ask.

I'd say that no product is secure, all of them require some work to be
secured. I'm subscribed to a mailing list from Red Hat that talks up about
their problems and notifies me of patches i need for my red hat system and
they seem to be at least as frequent as Microsoft's patches if not more so.

I'd also say that hackers who want to force their adverts in front of you
via spyware, or who wish to steal information, etc are going to target the
systems that give them the biggest percentage return on their "investment".
Which at the moment would be Windows of course. If Windows were to become a
minority operating system I am quite confident the hackers would turn their
attention elsewhere.

melvin
Sun Oct 19 15:46:33 CDT 2003

Hello;
Thanks for the clarification. I was not aware, that
machines existed with motherboards constructed like this.
It does make the problem " a bit of a sticky wicket", so
to speak. Good luck.
melvin

>-----Original Message-----
>The DSL modem plugs into the Ethernet port. The dialup
modem is built into
>the computer and had dialtone connected to it.
>
>
>"melvin" <anonymous@discussions.microsoft.com> wrote in
message
>news:030a01c395e6$031dd7d0$a301280a@phx.gbl...
>> Hello;
>> Can you explain, how the dial-up-modem was
simultaneously
>> cabled in to the system with the DSL modem? Or
rather,was
>> the dial-up-moden simply occupying a slot on your
>> motherboard. Thanks for the clarification.
>> melvin
>> ------------------------------------
>> >-----Original Message-----
>> >A German *webpage* dialed out over my modem, when I
>> clicked that I was 18
>> >years old (18 Jarhen). It also put a new Icon on my
>> desktop.
>> >
>> >I'm worried I'm going to have a $100 charge on my phone
>> bill for 20 seconds
>> >of a call to God-Knows-Where.
>> >
>> >I knew email trojans could do this, but the webpage
>> attack was a surprise.
>> >I am on DSL. The modem was just there for a backup,
>> if/when the DSL line is
>> >down.
>> >
>> >Is there an option that would give me a prompt before a
>> webpage does this
>> >again, or block modem calls that do not come from me?
I
>> already had the:
>> >Network and Dialup Connections > Advanced > Dialup
>> Preferences set to
>> >"always ask me before autodialing" -but it did it
anyway.
>> >
>> >I found a new New Connection Icon. The number it called
>> was: 0112463531444
>> >
>> >WIN2000 IE6.0 ZoneAlarm Norton Anti-Virus
>> >
>> >
>> >.
>> >
>
>
>.
>

S
Sun Oct 19 10:02:27 CDT 2003

Yes, you're going to have the $100 bill. Apparently you allowed a porn
dialer, which is an ActiveX control, to run. Be careful.

--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-

"Cubit" <no@no.not> wrote in message
news:fnkkb.2087$kD3.475@newssvr27.news.prodigy.com...
> A German *webpage* dialed out over my modem, when I clicked that I was 18
> years old (18 Jarhen). It also put a new Icon on my desktop.
>
> I'm worried I'm going to have a $100 charge on my phone bill for 20
seconds
> of a call to God-Knows-Where.
>
> I knew email trojans could do this, but the webpage attack was a surprise.
> I am on DSL. The modem was just there for a backup, if/when the DSL line
is
> down.
>
> Is there an option that would give me a prompt before a webpage does this
> again, or block modem calls that do not come from me? I already had the:
> Network and Dialup Connections > Advanced > Dialup Preferences set to
> "always ask me before autodialing" -but it did it anyway.
>
> I found a new New Connection Icon. The number it called was: 0112463531444
>
> WIN2000 IE6.0 ZoneAlarm Norton Anti-Virus
>
>

Karel
Mon Oct 20 12:26:12 CDT 2003


"Cubit" <no@no.not> schreef in bericht
news:fnkkb.2087$kD3.475@newssvr27.news.prodigy.com...
> A German *webpage* dialed out over my modem, when I clicked that I was
18

www.security.kolla.de download update and run it.

alun
Tue Oct 28 20:31:48 CST 2003

In article <Rmzkb.1509$Ni2.508@newssvr25.news.prodigy.com>, "Cubit"
<no@no.not> wrote:
>I guess I'm feeling frustrated. I want MSFT to resolve these problems. I
>have some calls on MSFT, so I pay attention.

The cause of your problem is not Microsoft. It's the fraudulent dialer.

>MSFT has enormous resources. We are led to believe that security has been
>given priority, yet the attacks from hackers seem to continue to take their
>toll.

Microsoft's enormous resources come from income derived from selling
computer software. If they use more of that up in attacking hackers, do you
think they'll eat into their resources, or put up the price of software?

Why not put some calls in to your state AG's office, in their consumer
complaints department. Yours may be the one call they need to go with
several hundred others to start making a case.

Finally, I note that you said that the dialing started after you'd indicated
to the web site that you were over eighteen. Was there other text on the
page? Is it possible that you actually _approved_ the installation of a
dialer, without realising it? In that case, you're not even the subject of
a hack!

>I have wondered if other operating systems, such as LINUX or UNIX have the
>same vulnerabilities. I suspect the number of hackers who would attack
>LINUX or UNIX is tiny compared to those who attack Microsoft products.

What are you claiming was the vulnerability here?

>Is Microsoft really less secure, or are they just a much bigger target for
>attacks?

Yes, they are a much bigger target for attacks. However, when security is
concerned, there is no such thing as one company's product being more or
less secure than another - after all, it takes only one vulnerability to
tear down your security. The number of vulnerabilities doesn't
significantly matter as long as there is one that your attacker knows, that
you have not protected against.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place | alun@texis.com.
Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.

Cubit
Thu Oct 30 16:04:32 CST 2003

[snip]
> What are you claiming was the vulnerability here?
[snip]
> Alun.

I found your post to be curiously unsympathetic.

I had assumed that for a webpage to download an exe file, there would be a
chance to approve or refuse such a thing. I now believe that the aciveX
scripting can be written so that the download of the exe file is hidden from
the user. To me, this is a security flaw, even if it is dressed up as a
feature.

On your suggestion that I unknowly approved the dialer, there is a slim
chance you are correct. The website was in German and my 3 years of German
in High School is less than a working knowledge of the language. My
websearch had been in English. Using a foreign language disclaimer in a US
based site might be a sneaky way to steal with unintended 900/976 type
calls.

My options were set to never dial out without prompting me. Something in
the downloaded code overode that. Doing this is the smoking gun to a
criminal intent.

I am not planning to contact law enforcement. I don't have all my ducks
lined up. Never-the-less I am a victim.