Thread ID: 57276 2005-04-28 07:25:00 Trojan Dialer causing huge $$$ on phone bills, what do you guys think about this? CCF (6760) PC World Chat
Post ID Timestamp Content User
349914 2005-04-28 12:13:00 its quite simple. virtually all malware type dialers are of the type that have a program that makes the pc dial out. the firewall simply picks up that it's a program doing it rather than someone clicking a dialup networking entry. also some interact with a program to hide the phone number being dialed. again the firewall picks up that program interacting with the dialup.

the legit ones i have seen simply make a dialup entry and you have to click it yourself. i'm fairly certain a firewall will not pick those up due to its a person clicking the entry rather than a program doing it.

Interesting point, but it won't stop the charges.

The Firewall blocks TCP/IP connections and warns of TCP/IP traffic from applications.

An independent dialer application, or a rogue dial up networking connection will both be able to initiate the dialup modem and connect a call outbound.

The Firewall doesn't kick in until after the call is connected, when a TCP/IP session is established, at which point it might grizzle. However by then the computer is already making the phone call, and incurring the charges. Whether the firewall prevents traffic getting across it or not is irrelevant as the charges are already being incurred.

If you start a dial up connection to your ISP, does the firewall ask you about it? It doesn't. After the connection is established the firewall will then prompt for outbound TCP connections across that dialup connection (such as Internet Explorer/Whatever).

A dialer program could happily invoke the modem without the firewall caring until such time as something tried to get traffic over the TCP/IP connection, and even then chances are it'd be something that had already been allowed access anyway so no one would be any the wiser.

Incidentally I missed the rather important dialer adage from my first post: www.getfirefox.com
ninja (1671)
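
Since the firewall only sees traffic after the call is already connected, the numbers stored in dial-up networking entries can be checked before anything dials. This is an added example, not part of any post in this thread: it assumes the phonebook is INI-style text with a `PhoneNumber` key per entry, as in Windows' rasphone.pbk, and the sample entries and prefix list are constructed for illustration.

```python
import re

# Assumption: prefixes treated as costly. 0900 is the NZ premium prefix named
# in this thread; 00 is the NZ international access code.
COSTLY_PREFIXES = ("0900", "00")

# Constructed sample in the INI-style layout of a Windows rasphone.pbk file.
SAMPLE_PBK = """\
[My ISP]
Device=Generic 56K Modem
PhoneNumber=0867 12345

[Instant Access]
Device=Generic 56K Modem
PhoneNumber=0900-55-501

[Direct Server Link]
Device=Generic 56K Modem
PhoneNumber=00 7 495 5550100
"""

def parse_entries(text):
    """Return {entry name: [phone numbers]}; keys may repeat within an entry."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            entries[current] = []
        elif current and line.lower().startswith("phonenumber="):
            number = line.split("=", 1)[1].strip()
            if number:
                entries[current].append(number)
    return entries

def flag_costly(entries, prefixes=COSTLY_PREFIXES):
    """Return sorted (entry, number) pairs whose digits start with a costly prefix."""
    hits = []
    for name, numbers in entries.items():
        for number in numbers:
            digits = re.sub(r"\D", "", number)
            if digits.startswith(prefixes):
                hits.append((name, number))
    return sorted(hits)

if __name__ == "__main__":
    for name, number in flag_costly(parse_entries(SAMPLE_PBK)):
        print(f"review entry {name!r}: dials {number}")
```

This covers only dial-up networking entries; a dialer program that drives the modem itself leaves nothing in the phonebook to audit.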
349915 2005-04-28 12:52:00 mmmm.......interesting. at least that all makes sense :)

well know a few people who regularly get infected with dialers and none have ever mentioned any extra phone charges. all were picked up with the firewall.
maybe they just didn't admit to the extra phone charges.

at the very least the firewall will indicate that something is not right.

i will agree if a firewall works on tcp/ip traffic only a dialer is able to dial out. i know with ZA it interacts outside of tcp/ip but i don't know how much.
tweak'e (69)
349916 2005-04-28 12:53:00 Make a new connection, hit connect, see if your firewall red flags it.

No it doesn't. ZoneAlarm Free.
mark c (247)
349917 2005-04-28 14:01:00 No it doesn't. ZoneAlarm Free.

And why should it? Is a firewall now expected to stop you from connecting your computer to another computer using dial up networking? Heaven forbid! Next you'll be trying to get on the interwebthingy, what will your firewall think of that?
:p
personthingy (1670)
349918 2005-04-28 21:25:00 Thanks tweak'e and ninja for your explanations, it is all very enlightening.

I have removed a few dialers off other people's computers but only two actually had strange charges on their phone bill but fortunately for them it was for less than $100. Another person noticed his internet connection had dropped then he heard the modem making "strange noises" so yanked the cord out of the socket and thus probably saved himself a few dollars.

As for the others, they were lucky that the toll call numbers were probably other than 0900 or the usual prefixes that NZ has for toll calls and therefore weren't going to do any damage.

None of the people had firewalls or even knew what a firewall was.

Wish I had a modem, I could visit some dodgy porn site and click their instant access button to see what happens, anyone else keen to be a guinea pig?

I haven't got my modem hooked up otherwise I would experiment myself but one of these days I am going to use a spare hard drive and see just how quickly and how much spyware, adware, viruses, etc I can get on an unprotected Windows install. Will need assistance with finding places to get the stuff and what to install but I'm sure there will be plenty of willing helpers here for that one.

Will be a change from the usual questions on how to get rid of it, anyway. Should be fun. :thumbs: :D
FoxyMX (5)
349919 2005-04-28 21:37:00 well i can help with a dodgy list. Besides the built in firewall in os x the only other security program i use is called little snitch (www.obdev.at) which might be of interest to other mac users, lets you know if any programs are trying to access the net
plod (107)
349920 2005-04-28 21:54:00 I haven't got my modem hooked up otherwise I would experiment myself but one of these days I am going to use a spare hard drive and see just how quickly and how much spyware, adware, viruses, etc I can get on an unprotected Windows install. Will need assistance with finding places to get the stuff and what to install but I'm sure there will be plenty of willing helpers here for that one.

Will be a change from the usual questions on how to get rid of it, anyway. Should be fun. :thumbs: :D

So shall i help by surfing porn sites all day with my linux box looking for dialers AKA "direct access to our servers" to download and send to you???? Will it help? Sheesh.. Surfing porn as a social service! What next?
:lol: :lol: :lol:
personthingy (1670)
349921 2005-04-28 22:07:00 So shall i help by surfing porn sites all day with my linux box looking for dialers AKA "direct access to our servers" to download and send to you???? Will it help?
Yes please. :D
FoxyMX (5)
349922 2005-04-28 22:24:00 well i can help with a dodgy list. Besides the built in firewall in os x the only other security program i use is called little snitch (www.obdev.at) which might be of interest to other mac users, lets you know if any programs are trying to access the net

Thanks for the link plod, looks like a neat program and has good reviews.

More info about the phone home problem here.
www.mac360.com
Safari (3993)
349923 2005-04-28 22:32:00 Yes please. :D

Maybe tonight if i get bored at "The Feelers", i'll come home and see what i could find for you. It will be interesting to see how many if any get tossed by the viri filters on our email providers, but i'm sure we can get around that, even if i have to upload it onto a sneaky folder on www.millerton.co.nz for you to grab. :@@: I never thought i'd be looking for dialers and trojans for people to try out! I only hope your phone line has suitable toll restrictions!

As for the others, they were lucky that the toll call numbers were probably other than 0900 or the usual prefixes that NZ has for toll calls and therefore weren't going to do any damage.

Grabbing onto an 0900 equivalent in Russia would NOT be cheap!

--------------------------------------------------
A telco's only motive for blocking such numbers would be to prevent customers having to lose service while they slowly pay the bill off. I don't think they could/should as it is NOT a telco's responsibility to protect clients from making calls! ;)
personthingy (1670)