Porn Diallers - The FAQ

seamus

Right, this has been a subject of much debate, and we get a lot of threads about it, so I'm just going to post up the info. Any threads started about it will be locked because everyone just gets in a big tizzy. If you want to discuss it, drag up one of the threads I link to below.

What is a Porn Dialler
A porn dialller is a program which gets installed on your machine by one means or another, and which then takes over your internet connection. By "take over" I mean it makes itself the default number that gets dialled by your computer when you connect to the internet. Many of them also will automatically dial out without any user intervention or prompting whatsoever, as long as the computer is on. They are part of a breed of very persistant, very intrusive set of advertising methods known as adware.

Why do they exist
Porn diallers first came on the scene as a means for people without credit cards to access pornogrphic content. A person would install the dialler, which would then call up a different number, and then the person could surf away on premium pornographic content. The charge appears as a premium-rate call on one's phone bill, just like a normal premium phone line.
However, more recently, the usual breed of more underhanded, and downright scum-of-the-earth scammers, have realised that it is possible to fool people into installing these onto their machines, either by fraudulent means, or by exploiting people's ignorance of software security. This means that people surfing sites that look innocuous are just as at risk of having one of these installed as someone surfing through pornographic material.

Who's at risk?
Anyone who uses a modem and phone line to connect to the internet. People using DSL, Satellite, or any other form of broadband, can still have the diallers installed, but they cannot have an effect unless the phone line is plugged into the computer.
People using ISDN are just as at risk as people using a standard (PSTN) phone line.

What can I do about it?
Well, first and foremost, the responsibility lies with you. It is up to you to be educated about what can and can't happen while you're surfing, and about what your software does and doesn't do. While obviously it's not possible for a normal user to be fully educated in these matters, there a few, simple, commonsense rules to follow:
Anytime you get a box popping up, with yes/no/ok/cancel buttons, read what it says. The first few lines will normally give it away. It's all too easy to just click "Yes" to get it out of your way, but this is probably the most common way diallers get installed. If you haven't specifically clicked to download a file (say a game, or an update), then always select "No". As with everything else when dealing with computers, if you're ever in doubt over what you should do, always select "No" or preferably "Cancel" (if it exists).
Turn up your modem volume to full. It may be loud, and it may be annoying, but if you're in the next room, you'll be able to hear your computer dialling before it racks up some big bills.
Install protective software:
Download/install a firewall. Useful names are Sygate, Norton, and BlackICE, to name but a few.
Download/install anti-virus software. Many diallers are now using virus-like exploits to simply force their way onto your computer. Free anti-virus I recommend are AVG ( http://www.grisoft.com/ ). Other similar products are made by norton and symantec, again, to name but a handful.
Download/Install anti-spyware/adware programs. By far the two most popular ones are Spybot - Search & Destroy and Ad-aware. Both are free, and most people recommend you install them both and run them once a week.
None of these products are any good without updates. Some products, like the Anti-Virus, may have several updates per day, whereas others have several updates per week. Update everything at once. Twice every week should be enough for an average home user.
Consider alternative browsers:
Microsoft's Internet explorer isn't a bad piece of software, in all regards. However, its integration with Microsoft Windows, and its popularity, make it an easy and popular target for hijackers. Simply by installing another browser (particularly one with pop-up blockers), you can avoid most, if not all hijack attempts while surfing.
The most popular choices are:
Netscape
Mozilla
Opera
Mozilla Firefox

I've received a huge bill, what can I do?
Nothing, really. For all intents and purposes, the onus is on you to ensure your computer is secure from these malicious attacks. This FAQ is needed because people contend on where blame should be placed, and it results in big, angry threads. Some people think the telephone provider is to blame. An analogy for this is having your car stolen when you left it with the door open, keys in the ignition and a full tank of petrol, and then expecting the county council to pay for your replacement, because you weren't aware it could be stolen.
However, others are angry with eircom due to profiteering on other's mistakes. Many diallers are located on small pacific islands, with little or no native or non-miltary inhabitants, to maximise profits and avoid legal issues. Eircom created a new call band to group these islands into, and then hiked up the price of calling them - as much as 5 times the normal rate from other places in Europe.
A similar analogy to this, is you having your car robbed, as above, but then being charged 5 times the going rate for a new car, by the county council. Who's side you stand on is something I won't get into

Links
Previous threads on the issue:
http://www.boards.ie/vbulletin/showthread.php?s=&threadid=169907
http://www.boards.ie/vbulletin/showthread.php?s=&threadid=147104
http://www.boards.ie/vbulletin/showthread.php?s=&threadid=156408
http://www.boards.ie/vbulletin/showthread.php?s=&threadid=66149
http://www.boards.ie/vbulletin/showthread.php?s=&threadid=165362

ComReg's informational booklet for consumers:
http://www.comreg.ie/_fileupload/publications/cg07.pdf

Suggestions, correction, etc to the usual place...

eircomtribunal

Don't accept Eircom's profiteering on this scam. Ask the Regulator to intervene, ask Dermot Ahern to act, ask Mary Hanafin to act.
And protect yourself. Read the comwreck consumer guide Ultimate Modem Hijacking Protection

Peter

spongebob

The ADO Stream vulnerability is essentially a script which writes to your hard drive and/or downloads a porn dialler .

Microsoft have patched part of this Problem in the past few days. Get the patch ( 105k) Here .

The best advice is to get another browser and not IE as Seamus said . I said Part of the problem because the Cert Advisory I linked states:

"It is important to note that there may be other ways for an attacker to write arbitrary data or to execute commands without relying on the ADODB.Stream control. "

M

Tom Dunne

Thought it might be worth mentioning that if you stumble across a website and get the Yes/No and/or Cancel pop-up window mentioned above, instead of clicking any of the buttons, hit the escape key instead (Esc - top left of the keyboard). This will get rid of the pop-up dialogue box and should not trigger any of the malicious code.

Some of these programs are desinged to install diallers/spyware even if you select No.

theciscokid

If you have ADSL or whatever, and don't need to dial up for net access, simply disable the modem or even better uninstall it to be safe

Doublezero8

Does anyone know what happens if you dial one of these numbers from a phone. Do you just hear the internet dial tone stuff back ?

Thxs
008

antoinolachtnai

The analogy about the car is just plain wrong. It's nothing like that at all.

The whole transaction is fraudulent. The user didn't enter into it willingly. He or she was duped into it. As a result, no agreement exists between the parties and the whole transaction is void. Ex turpi causa non oritur actio: (No action arises from an illegal cause), as they say in the courts.

The reason the analogy in the FAQ is false is that Eircom is essentially acting as the fraudster's agent in collecting the money. It is using its power of disconnection under the Telecommunications Acts to force you to pay it money which it will pass on to a fraudster. Eircom has no right to do this, if it knows the charges arose out of a fraud.

Aside from this, it is not at all clear that Eircom has the power to cut you off if you fail to pay a charge for content. Eircom can only cut off a subscriber to pay for telecommunications services. Pornography is not a telecommunications service, even if it is delivered down a phone line. This means that even if you willingly downloaded and installed the dialer, you could not have the phone cut off for non-payment (though Eircom could conceivably sue you for the money.)

I should point out, there is absolutely no precedent in these matters in the Irish courts. If you went to court on this, things might not go the way I suggested. You would obviously have to seek legal advice before refusing to pay the bill in these circumstances.

seamus

antoinolachtnai wrote:

The whole transaction is fraudulent. The user didn't enter into it willingly. He or she was duped into it. As a result, no agreement exists between the parties and the whole transaction is void.

Probably. Except that eircom aren't a party in the contract. They provide the service. Any contracts which take place over that service are none of their concern. At best, a user has the right to refuse to pay the people running the porn dialler, their share of the call, but not eircom. Eircom in no way attempt to initialise or continue any kind of fraudulent contract. They provision a line for use to make telephone calls. That's the contract, which the user has agreed upon. A separate contract is not required for each different type of call.

The reason the analogy in the FAQ is false is that Eircom is essentially acting as the fraudster's agent in collecting the money. It is using its power of disconnection under the Telecommunications Acts to force you to pay it money which it will pass on to a fraudster. Eircom has no right to do this, if it knows the charges arose out of a fraud.

They have no way of separating legitimate porn dialler use from a fradulently installed dialler. No-one could ever win that one in court. You could swear until your face turned blue that it was installed without your consent, but at the end of the day, it's your machine that did dial up, and you were the person using it when it was installed. All the evidence points to legitimate use.

Aside from this, it is not at all clear that Eircom has the power to cut you off if you fail to pay a charge for content. Eircom can only cut off a subscriber to pay for telecommunications services. Pornography is not a telecommunications service, even if it is delivered down a phone line. This means that even if you willingly downloaded and installed the dialer, you could not have the phone cut off for non-payment (though Eircom could conceivably sue you for the money.)

Eircom are only providing the telephony service, not the porn service. Users are being billed for telephony use, not porn download.
Perfect example - You pay NTL for your broadband service, but discover that an online retailer are charging you over the odds. Is your gripe with NTL? No. They're only supplying the means by which you access the online retail service.

Drag up one of the threads I quoted above if you want to continue this.

antoinolachtnai

Eircom is collecting the money to pass it on to the fraudsters. This is the same as the situation where a debt collection agency tries to collect money from a fraud.

Eircom is entitled to cut off your phone if you don't pay telecommunications charges. This is as a result of the 1983 Postal and Communications Act (around art. 90 somewhere)

The charges for 15x0 numbers (for example) are certainly content charges, not telecommunications charges. You are paying for the information you are receiving, not for the actual service of transferring information from place to place. The fact that it is billed in a similar way to a telecommunications service is by-the-by.

The use of the telephone billing system to collect content charges is not envisaged in the telecomms legislation from what I can see. Retail content services didn't even exist in 1983.

The Vanatu and Diego Garcia charges are clearly content charges, not telecomms charges, even though the phone numbers look like and are registered as international dialling codes. In practice, the calls don't actually terminate in these places, and the charges are disproportionate to their remoteness.

Eircom will know if the porn dialler was installed fraudulently if you make a complaint to them and say that it was a fraud. The obvious thing for Eircom to do in this situation is not to pay the people who are collecting the charges from them, explaining that there has been a dispute and that they are unable to collect. There will be no loss to Eircom.

Eircom are entitled to presume that all telecommunications charges incurred from your line are attributable to you and must be paid for by you, but only because this is specifically enshrined in law. They are not entitled to make the same presumption as regards content services.

The analogy with NTL is false for at least two reasons. Firstly, NTL aren't collecting on behalf of the retailer. This is unlike the eircom-porn-dialer situation where eircom are acting as collectors. Secondly, in this circumstances I haven't been duped into a transaction, I have entered the contract of my own free will, fully aware of what I was doing. Again, this is unlike the porn dialer situation, where my computer has been caused to start making these phone calls without my consent or knowledge.

spongebob

antoinolachtnai wrote:

Eircom is collecting the money to pass it on to the fraudsters.

Break down the charges again for Diego Garcia.l

Eircom charge €3.60 , €0.60 is VAT leaving €3 for the providers in the channel .

The destination "Country" , actually a rack in Telehouse in London , gets €0.50 which is revenue shared with the "Fraudster" who installs the crud on your PC. The "Fraudster" gets some €0.12c to €0.25c a minute.

Eircom makes the rest, approx €2.50 which is between 10 Times and 20 Times what the "Fraudster" makes.

This begs the question, who is the REAL "Fraudster" in this case.

Again, this is unlike the porn dialer situation, where my computer has been caused to start making these phone calls without my consent or knowledge.

The lack of knowing consent to the installation of the dialler by the person who is billed by Eircom is what makes the whole system a fraud.

M

jwt

Muck wrote:

Break down the charges again for Diego Garcia.l

Eircom charge €3.60 , €0.60 is VAT leaving €3 for the providers in the channel .

M

Taking that a bit further, that means that the VAT is on a fraudulent transaction?

Can the amount of VAT collected be chased under the FOI Act?

John

Ripwave

I just received this e-mail in 2 of my eircom.net e-mail accounts:

Dear Customer,

As part of our ongoing commitment to customer service we would like to
provide you with the following important information on Modem
Hi-Jacking.

Modem Hi-Jacking occurs when a web site you visit purposely disconnects
you from your Internet Service Provider and reconnects you to the
Internet through an international or premium rate number, which may
result in increased call charges.

Everyone using the Internet should be aware of this risk. It is a
global issue and is not confined to Ireland. eircom net provides a safe
surfing guide, which may help you reduce the risk of Modem Hi-Jacking.

Please be aware that there are also software and hardware solutions
available, which may reduce the risk of Modem Hi-Jacking. Our safe
surfing guide provides some examples of these solutions. These are
purely examples and do not represent an exhaustive list. eircom net is
not in a position to recommend a particular solution. Customers will
need to determine which one best suits their particular needs.

For further advice please visit our safe surfing guide at
http://www.eircom.net/safesurfing

Kind Regards,

Fintan Lawler

Managing Director, eircom net

maxheadroom

I like this:

6. Call your telephone service provider (not your ISP) and bar international and premium rate calls on your modem line

Good advice - if only we all had seperate modem lines we could afford to hobble like this.

Or maybe if our telephone service provider would let us selectively block calls to certain countries, or even make certain "unusual" bands opt in... sorry, just woke up

spongebob

Fintan is a disingenous shyster IMO

At the moment you must pay €25 to his masters McRedmond Nolan Soros and O'Reilly for an International Bar. Once the August consultation has concluded the suspect countries will be barred free of charge, no wonga for €ircon at all unless you act now .

You must then pay €3 month extra line rental for the Bar. Once the August consultation has concluded there will be no charge for barring the Porn Dialler countries as they will be barred by default. Calls to France are not the issue here.

Barring Premium numbers is free to implement and free ongoing.There is no issue with Irish premium rate numbers, simply €ircons porn dialler band 13 . Fintan did not clarify the difference between an International Bar and a Premium Rate number bar at all.

Funny that

M

eircomtribunal

Muck wrote:

Fintan is a disingenous shyster IMO
M

Exactly.

When I did some "research" (is too big a word for it) for the dialler article o n comwreck and a response to Comreg's consultation, I phoned up Eircom and asked for the international lines to be barred for my line for the computer and asked about the price and procedure. I was, without me asking about it made aware by the operator that they had to tell me that this international call barring was only guaranteed for voice calls and not for the modem/computer eventually dialling into expensive numbers. I was amazed and asked for explicit confirmation and was given that confirmation, after the operator asked back with her supervisor.

P.

damien

eircomtribunal wrote:

I was, without me asking about it made aware by the operator that they had to tell me that this international call barring was only guaranteed for voice calls and not for the modem/computer eventually dialling into expensive numbers.

And yet the same company doesn't guarantee a net connection on the same lline when you complain you can't dial into your isp.

spongebob

Eircom would naturally ensure that their international circuits to Band 13 countries were of the highest standard, it being worth over €2 a minute to them in pure profit.

M

Tom Dunne

eircomtribunal wrote:

international call barring was only guaranteed for voice calls and not for the modem/computer eventually dialling into expensive numbers.

How is that possible? If Eircon bars calls to numbers with a certain country code, how can the modem dial it if it can't be dialled via a telephone handset on the same line?

eircomtribunal

I don't think it can. So I was perplexed by the answer and the possible reason for Eircom to say this to me and I would assume to all potential call barring inquirers. It did not sound like the fluke answer of one operator and her supervisor.
P.

Our man in Havana

It is not possible for eircom to tell if a call is made by a handset or a modem. Its just a huge smoke screen to disencourage call barring.

sticker

What exactly are the risks of a dialer to my broadband connection with UTV?

I've virus defs up to date - and automated
Firewall - same
And routely scan with Ad-aware.

Since there is no dial tone for the ADSL modem - How do I know if I'm infected?

I tried to ask UTV this am, but tech support was busy for a good hour, and i had to go to work.

seamus

sticker wrote:

What exactly are the risks of a dialer to my broadband connection with UTV?

None. Only dial-up modems are susceptible to this hijack.

eircomtribunal

Comeg have issued the directive on modem hijacking.

While they have not followed my advice to send the inspectors to Eircom, they have not given in to the pressure of the Telco mob.
This should be the end of Eircom's Band 13 robbery.

Here is the document: http://www.comreg.ie/_fileupload/publications/ComReg0499.pdf

Here are all the submissions: http://www.comreg.ie/_fileupload/publications/ComReg0499a.zip

P.

seamus

eircomtribunal wrote:

Comeg have issued the directive on modem hijacking.

While they have not followed my advice to send the inspectors to Eircom, they have not given in to the pressure of the Telco mob.
This should be the end of Eircom's Band 13 robbery.

Here is the document: http://www.comreg.ie/_fileupload/publications/ComReg0499.pdf

Here are all the submissions: http://www.comreg.ie/_fileupload/publications/ComReg0499a.zip

P.

Excellent. Thanks to Peter and anyone else from here who responded to the consultation. This is what IOFFL mean by active member participation.

I particularly like this:

ComReg notes that, while critical of draft direction 2, none of the respondents who offer telephone services offered to absorb the costs from the consumer who in this instance is being forced to pay for substantial unauthorised call charges. Indeed, many respondents cited technical difficulties associated with international barring but did not provide adequate proposals to ensure that their customers no longer suffer from these exorbitant call charges.

ComReg growing a pair of balls?

Tom Dunne

Great work Peter. I've just read over it and for once it looks like ComReg are actually doing something right.

The cynic in me can't help but wonder were they pushed into this by the amount of complaints they were getting. I notice in several places in the document they mention the increasing amount of people who are getting hit by this scam.

As with the Morning Ireland thread last week, I think we should let ComReg know when we approve. Keep them on their toes, let them know we are watching.

damien

tom dunne wrote:

As with the Morning Ireland thread last week, I think we should let ComReg know when we approve. Keep them on their toes, let them know we are watching.

I agree Tom Dunne. ComReg seem to irk people and get even more negative comments than any other entity in the Telco sector, possibly because part of their charter is to help the consumer and many don't think they do.

This directive is definitely a way of helping the consumer. It's late in coming but it's here now and they should get some sort of positive acknowledgement from the consumers who they are allegedly looking out for.

viking

Excellent work Peter, this direction from Comreg really was a no-brainer. The solution was so bloody obvious it would have been impossible to get wrong...

I especially love these snippets:

ComReg cannot accept that one respondent (a leading internet service provider) is unaware of the existence of software and hardware available to address this issue. There are currently several software offerings available to combat this issue and a simple search on any search engine will suggest a number of alternatives as indeed will a perusal of the responses to this consultation.

Who might that respondent be...?

ComReg is placing the responsibility upon the operators concerned of ensuring that only legitimate numbers are opened. ComReg is aware that this requirement is placing an additional burden on those operators, but believes that operators ultimately will wish to ensure that their consumers are protected. Operators in this regard can always choose to absorb the cost of any rogue numbers instead of checking the numbers.

That last one really made me laugh out loud. Sounds like a regulator with balls.

Gareth

greglo23

this is a very useful free tool which counteracts diallers.
it`s updated on a regular basis.if you like you can donate (donationware).
http://www.javacoolsoftware.com/spywareblaster.html

viking

viking wrote:

Who might that respondent be...?

Just read the respondents document.

Wow, its Esat....

Esat BT posed a number of questions in relation to the nature of “hardware” and “software” that ComReg had been referring to in the context of prevention on “modem hijacking”. ComReg make reference to “software” and “hardware” in draft Direction 1. Esat BT again takes this opportunity to reiterate that it is unaware of the types of “software” and
“hardware” that ComReg refer to, and seek ComReg’s clarification on this issue. If ComReg could provide Esat BT and the Industry at large with examples of the types of “software”/ “hardware” envisaged, then the appropriateness of Direction 1 could be considered fully. Without such clarification Esat BT is not in a position to take a reasoned judgement.

The draft direction specifically requires ISPs to recommend to their subscribers “free or low cost hardware and/or software solutions”. Esat BT is not aware that such hardware and software actually exists or whether they are of sufficient quality that it can recommend them to its customers. This direction might be impossible to implement.

Now that's a strange response.

Gareth

Tom Dunne

I must admit I was confused by the hardware aspect - do they mean a router with built in firewall? How could you use that on a dial-up connection? Is there some kind of 56k modem with built in firewall we don't know about?

I presume the software they are referring to are the likes of Spybot, Ad-aware, Zone Alarm and anti-virus software.

spongebob

viking wrote:

Wow, its Esat...Now that's a strange response.

If there is anyone in the whole place who can read a modem init string I'd be absolutely amazed

The 'hardware' bit was a bit confusing right enuff but the 'software ' bit is a no brainer ....but only if you have any or are prepared to hire it .

M