Modem Hijacking

Suzybie

Hi all

One of my mates had her modem hijacked and 600 euro worth of phonebills as a result. Calls to diego garcia and inmarsat lines made by bug which was installed on her machine by being online. This happened even though she has full virus/firewall protection. It looks like the next bill will be high also as it can take 2 months for calls to be billed.

Is there anyway of her appealing her phonebill? Has anyone else got experience of this? Her ISP and also Eircom have only told her what to do after the event - seems they know it happens alot but have not warned customers - bleeding typical. Did not said anything about her current bill problems. To be honest I never heard of this before now and had to go find how to stop it happening.

Any suggestions?

Suzy

seamus

Tell her to pay the money and refuse to download dialers.

There's **** all else you can do about it.

Paddy20

Suzybie,

Same thing happened to me, resulting in a internet usage bill of over €700 on top of my normal phonebills from that RAT, *Eircon.

I tried every avenue possible. Still had to pay the full amount which I am still more than annoyed about. The only satisfaction that I now have is that Eircon lost me as a customer for life, and I have saved a small fortune on both my internet usage & ordinary telephone call costs as I am now a customer of UTVip.com

So you are not alone.

P.;)

ozt9vdujny3srf

her modem wasn't "hijacked".

She d/led a dialer and installed it which meant she was using a foreign isp, which meant she had to pay a lot more than your standard local rate.

Really its her own fault for getting the dialler in the first place, and it is far from eircoms fault. Why should they have to foot the bill for the users mistake.

Its an expensive lesson. Dn't ever d/l something if you don't know what it is and don't go to the dodgy sites that have these dialers on them

seamus

Originally posted by Truckle
Its an expensive lesson. Dn't ever d/l something if you don't know what it is and don't go to the dodgy sites that have these dialers on them

And always read those certificates that pop up saying "Do you wish to d/l x from y?". The amount of times I've been in muck sites and had save dialogues open up for gator and dialers and other crap.

Bottom lesson? Only click yes when you know why you're clicking yes. Otherwise, click no.

spongebob

Originally posted by seamus
And always read those certificates that pop up saying "Do you wish to d/l x from y?". The amount of times I've been in muck sites and had save dialogues open up for gator and dialers and other crap.

oy oy, my sites are legitimate mugging enterprises.

Eircom carge loads of money for porn dialler countries, deliberately as i pointed out before. I blame comreg.

M

andrew163

I was hit by one of those.....although the damage was minimal compared to some of your experiences (about €150 i think)

It got onto the computer through an ActiveX control embedded on a web page..not sure which web page yet though....

i classify these things as trojans.....they cause damage (to your bank balance), and are distributed through the internet/computers with user interaction....... so they should be outlawed EVERYWHERE, and anyone caught using (i.e. distributing them) them should be locked up/fined for ALOT of money

just my 2c anyways..........

ActiveX controls.... Microsofts biggest ever mistake :rolleyes:

LoLth

Same thing happened a colleague of mine. Ran up a €600 phonebill. To give them their due, Eircon cut the connection as they realised that the usage was not in line with his regular calls.

he still had to pay the 600 though.

Paddy20

If the above postings about downloading diallers is correct. Then how is it that as soon as I moved my internet and ordinary telephone usage to UTVip, my problems stopped abruptly.

Has UTVip got or do they know something, that €ircon needs too know?..

P.;)

andrew163

i was on UTV when it happened

Paddy20

andrew163,

Now,you have really got me worried!. This week I installed ActiveX on to my computer for the first time, even though I really have not got a clue exactly what it is!, not had time to read all the info yet.

Have I now made my computer vulnerable?..I have *Zonealarm Pro & *PestPatrol which seem to do their jobs very effectively.

But now I am thinking have I made a mistake installing ActiveX from the Window Me upgrade site?.. if so can I un-install it. I seem to remember a notice stating once downloaded this programme can not be removed from your computer.

Believe me, I need any new uneplainable heavy bills!, like a hole in the head. I am still reeling after my experience with €ircon overcharging me, and to add insult to injury I spent almost another €100 calling their premium charge technical support repeatedly without any resolution.

P.

logic

you should set your web browser not to use activex without permisson i.e. increase your security settings. Sometimes, depending on the security setting, you won't be asked if you
want to install it. It just installs.

The Insider

Generally these are known as "porn diallers", they pop up on your screen when you go to certain sites, to make sure you have none on your PC got into network and dial up connections or if you are on win 98 or lower dial up networking. The only connections you should see in there is the one that you use to dial up to the Internet.

Then how is it that as soon as I moved my internet and ordinary telephone usage to UTVip, my problems stopped abruptly

Prob because you stopped looking at porn.
This is nothing got to do with your ISP, you and you alone download these things and the normally the reasons these download onto your PC is because you are on Porn sites(not always). Its your own fault if you download these not Eircom's not UTV's they can not stop what content is put on the Inteweb. IF you have sky digital and you enter in your PIN to watch a adult movie and then they charge you for it would you complain about sky?

seems they know it happens alot but have not warned customers - bleeding typical

What to you expect Eircom to do, ring every customer and tell them about it. If the person is on porn sites and are stupid enough to downlaod a dialler the tough s**t. If you check out eircoms support site all this information is there about porn diallers support.eircom.net so they did make the info available.

eth0_

I can't think of one instance where these diallers weren't downloaded as a result of the user looking at porn sites and clicking a 'download this program for free pr0n!' link.

Tough **** about your phone bill. I hate eircom as much as the next person but why should they have to foot the bill for this users stupidity/naivety call it what you will.

It's amazing the volume of people who have these diallers installed! A popular one is called 'go in direct'. I used to do tech support and pretty much every day you'd come across someone with this in their dial up networking folder; I just thought it must be some branded ISP dell or packard bell must use, till I googled it! heh.

Just be very careful about what you download, and periodically check your ISP connections to make sure they're dialling the correct number.

BigEejit

Originally posted by eth0_
Just be very careful about what you download, and periodically check your ISP connections to make sure they're dialling the correct number.

or get broadband and dump/disconnect your modem

LoLth

etho_ : quite a few diallers are downloaded through popups that have nothing whatsoever to do with pr0n sites.

warez/cracks/appz etc are a breeding ground for diallers

Even seemingly innocent sites can put up a pop up, not from the site itself but from the host of the site (be wary of eastern european and asian hosted sites).

I do agree that the majority of diallers are downloaded from visiting "adult" content (usually small, free providers) but to automatically assume that someone is browsing pr0n just because they have diallers/spyware on their computers is a bit harsh.

ps. a lot of pop ups leading to diallers etc are the result of cookies and spyware giving out your details and announcing your presence. eAnthology was great for doing this - the b@stards - as well as grokster - you had to allow sydoor to resident on your PC if you wanted grokster to work.

Paddy20

Re: Modem Hijacking?..

Many thanks all for the advice.

1, *logic, I have now set my browser. So that ActiveX must ask for permission before it will be allowed to out. I have also increased my security settings as you suggested. Thanks.

2, *The Insider, I went in to networking and dial-up connections, all thats listed are UTV Internet and *UTVip XL as the (Default) number. So, I assume thats about right!. Thanks.

The best news is I just got my first UTVip XL account statement online for my Internet & telephone calls usage for August. I am more than delighted at how small the total charges are, especially considering that I used the Internet for 173 hours in August. I hate to think what my bill would have been had I still been using the €ircon RAT .

All the best.

P.;)

oneweb

Anyone visiting porn sites on IE is just asking for trouble what with ActiveX, malformed code exploits et al.
Any eejit of a dumbass script kiddie can form code that can make it so simple to install bad stuff whilst making it look like a "win $500,000 just by clicking here". Totally agree with Seamus Truckle and Etho.

If you do fancy some porn, use Mozilla - it'll even stop all those rubbish popups that I've, um, heard of.

vibe666

there's a few of these threads doing the rounds at the minute and you really do have to take responsibilty for what gets on to your computer and what it does.

if someone were to break into your house because of a lack of proper security measures wwho would be responsible, the people who made the car the thieves used to drive up to the house?

the council who put the road there?

shoegirl

I had one of those little bastards on my system but I immediately spotted and removed the problem. It managed to get a connection but I have an external modem so I switched it off. So I guess it will cost me no more than a few cent at most (no more than a 2 or 3 second connection).

I use eircom flatrate and I immediately spotted the disconnection and that it was not eircom reconecting. This little bug doesn't even use the normal dial up so that was no use. I had to deliberately reconnect on eircom and installed "ad-aware", which I use at work also to keep out spyware.

It recognised the malware and totally removed it.

If you are disconnected and something reconnects you - be very suspicious. I spotted the problem straightaway as I'm using the net for nearly 10 years and know what "normal behaviour" should look like.

As for eircom - not their fault. You should run a pop-up stopper and manually switch off on trusted sites, and also ad-aware or a spyware remover.

echomadman

originallt posted by Truckle

She d/led a dialer and installed it which meant she was using a foreign isp, which meant she had to pay a lot more than your standard local rate.

These things will download and install themselves if your machine if left at its default browser settings.
And for all of you saying "people should know better, etc.." The internet et al is being marketed very hard to very non-technical people, ryanair.com, aerlingus etc,
eircom, from what i've seen offer no virus/spam filtering on their mail accounts, so anyone who opens or previews a malicious email (depending on os/mail client level of patching), can get hit with one of these.

I keep 28 machines updated with latest antivirus/spybot/spywareblaster/adaware definitions.. and i still see new ones that get through every few days.

for anyone that isn't net-savvy these thingss are a serious threat

gollem_1975

how do I find if I have gator on my machine .

if its there how do I remove it ?

ssh

One must download lavasoft's adaware...

I think it's http://www.lavasoftusa.com.

Great piece of software, picks all of that crap up. It breaks kazaa though, so be ware. There's a free version too.

Course I made my family use Mozilla, so they don't have these problems

ai ing

Yeah since i started using mozilla i have not had any of these problems , great pop up blocker Anybody familiar with these problems should know -Whack-a-mole
and how damn annoying it is

Capt'n Midnight

RE: how do I find if I have gator on my machine .

Look up the stickies on Security / Windows forums for other Malware blockers etc.

googlebar
Spybot
Spyware blaster
XpSpy
ZoneAlarm
etc. etc. etc.