Detox-Comic

Trojan web dialers

Trojan web dialers are dialler programs that generally use stealth techniques to get themselves installed on your PC and when they execute they disconnect you from your dial-up ISP and reconnect you via an expensive phone number resulting in a huge phone bill.

Can I catch this virus?

If any of the following applies to you then yes:

  • You access the internet via a dial-up modem
  • Your browser accepts all ActiveX components without notifying you first
  • You surf adult sites or sites that sponsor adult content banners or pop-ups
  • You respond to adult emails taking you to adult sites

How does the virus infect you and why?

Trojan dialer programs rely on you having your browser set to its security defaults so that it will run any ActiveX component it comes across (if it supports ActiveX). An object is downloaded to your PC as part of a web page that you have accessed. This component will then download and install the dialer program onto your system.

At some point it will disconnect your modem from your ISP and reconnect you to another service via a premium rate or international phone number. You may not even know this is happening as your modem speaker may be muted during this process or as default. These numbers are very expensive to call and a percentage of the call charge goes to the people that rent that number.

So it's not a virus but a phone dialer program?

Wrong. It did not ask your permission first before installing. It did not get your permission to access your modem or run up huge phone bills. So it's a virus and the virus community agrees. They call it a trojan dialer virus.

Is it easy to stop?

Once it starts to dial you have about 5 seconds to kill it before you get charged for the first minute plus connection fee. If you have an external modem you can switch it off manually. If your phone socket is easy to get at you can unplug it. If not you are going to have to hard reset your PC or pay the bill. You cannot ALT+F4 it. You cannot use the close window button and you cannot CTRL+ALT+DEL and kill it from the task menu. It wont let you. It's a virus remember?

How can I remove it once I'm infected?

Most virus killers recognise the majority of trojan dialers out there today. Make sure you scan your computer regularly for viruses and keep your anti-virus software up to date with the latest definition files. I'd also recommend getting some good anti-malware software such as Spybot Search & Destroy and Spyware Doctor as they also remove trojan dialers.

Play safe

The major concern for anyone that uses a dial up connection is the phone bill. With all the media hype about web dialer programs today they become paranoid that they are going to be hit with a very large phone bill if their computer becomes infected with a trojan dialer program. Well there is an easy way to prevent it from generating a huge phone bill.

Contact your phone line provider and ask them to block premium rate and international numbers on the phone line that you connect your computer to. If however you need to call premium rate or international numbers at some point you may not want to do this. You could use another phone line, a public phone or a mobile phone to call these numbers rather than the line your computer will use. That way, you can have peace of mind that if you become infected, the dialer program will fail to connect to the service it is calling.

Next you need to turn on your modem's internal speaker if one is fitted. Set your connection up so that it does not attempt to reconnect to your ISP should a connection be lost. Then if you are away from your computer - making a coffee or something, but within earshot - and you hear your modem dialing a number, you can go and disconnect it from the phone line and take a look at what is going on.

Of course the speaker is just a way of keeping tabs on your modem when you are nearby but away from your computer screen. I found it to be a useful tip.

Next, if you use Microsoft Internet Explorer to surf the web I'd change the default settings. Go to the 'Tools' menu and select 'Internet Options, Security' and then select the 'Internet' Zone. Select 'Custom Level' and set the following to 'Prompt'.

  • Download Signed ActiveX controls
  • Run ActiveX controls and plug-ins
  • Script ActiveX controls marked safe for scripting
  • Installation of desktop items

Set the following to 'Disable'.

  • Download unsigned ActiveX controls
  • Initialise and Script ActiveX controls not marked as safe
  • Access data sources across domains

Make sure that Java permissions are set to High safety.

Personally if you want to use Internet Explorer I'd recommend a program which 'wraps around' IE and offers you an easier way to secure your browser. Such third-party software can also block popups and allow you to disable ActiveX/Scripts/Javascript very easily when you want.

Next, I'd make sure I had a personal firewall installed and that it is configured to block all traffic from/to the internet and that I must authorise all access requests.

If you suspect you may have accidentally become infected with a dialer program but cannot be sure, there is no substitute for an up to date anti-virus program and a couple of good anti-malware programs. Update your security software with the latest updates available and disconnect from your ISP and turn your modem off. Set your anti-virus off scanning your computer and go make a cuppa. If all is well, start off your first anti-malware software and when that is finished, set off your second anti-malware software, and so on. If they find anything, allow them to fix it.

I've been infected and it managed to connect. What can I do?

With recent international media coverage of malicious software programs that can run up large phone bills, phone companies across the globe have been taking action.

If you have been infected with a trojan dialer and it managed to connect and you are worried about a large phone bill coming your way, then contact your phone service provider and let them know your concerns. They can check your bill and confirm your suspicions and then block further activity on your phone line to the number(s) in question. You may be asked to provide evidence that your computer has been infected. There may be a professional body set up in your country that deals with giving you advice on your rights and how to get the cost of the calls made by the virus removed from your account.

If you have any feedback regarding this article, or you have a suggestion for a new article, or just want to say thanks for the info then feel free to drop me an email at dave@detoxcomic.com.

Did you enjoy this article or find the information useful? Help keep Dave and his articles online by keeping him fed with coffee by clicking the link below. Cheers!

Buy Me A Coffee

Article updated: 21-May-2006