Press News

Protection Against Connection Switching Dialers

Budapest, July 15, 2004

With the spread of Internet more and more people find themselves accessing the Net, many of whom are novice Internet users. Recently the software that call premium rate or foreign numbers - often without noticing the user - to establish Internet connections have been proliferating. The telephone service providers are not responsible for the existence of these so-called dialers, i.e. programs that enable the frauds, yet Matáv, as the largest Hungarian telecommunications service provider and a dedicated supporter of the growth of the internet, intends to act jointly with NETÉRT (Interest Protection Organization of NET users) against these dialer programs.

How can you get hit by a dialer?

Connection-switching dialers are software programs that cannot reproduce themselves, they are not able to cause an "epidemic" or activate themselves, therefore they are not viruses. In fact, dialers are harmful programs that downloaded on the computer without the knowledge and/or the approval of the Internet user and then start operating. They change the system settings and connect to network services, to a separate network or computer on dedicated premium rate - long distance, possibly foreign - telephone numbers.

- The unsuspecting user usually downloads the dialers from web sites, hoping to get access to various special services. These premium services may be offered on sites that feature erotic videos / images, on the sites of illegal software collections, but you can even find them on interactive children's sites or sites that offer posters of celebrities or movies.

- These days not only the adventurous netsurfer may run into sites that conceal dialers. The owners of these programs plan for much more targeted abuse these days, they may send the addresses of their web sites to the prospects in unsolicited advertising messages (popularly known as spam). By accepting the conditions (with a click), the user may install a program that will then initiate international or premium rate calls by itself, and thus may generate telephone bills as high as several hundred thousand HUF. In some cases the fact that the called number is a premium rate number is hidden in small print somewhere in the contract, but the superficial user will not notice that, especially if the contract is not in Hungarian. These programs switch off the usual Internet connection of the computer and connect to services on a premium rate telephone number. This may result in exorbitant telephone bills for the user.

- A computer is exposed if it has a telephone connection on a modem, even if the modem is not used for Internet access, only to send and receive fax messages for example, and the Internet is reached by some other method (such as ADSL, cable net, etc.).

- Often, the malicious program offers implementation in the form of banner or a pop-up window, or it may open up many different browser windows at the same time.

- At present Windows 95/98/NT/ME/2000/Xp operating systems are the most widespread in the world, therefore it is logical that the these workstations are hit by the "malware dialers" most frequently.

- Microsoft is issuing security patches for its systems almost on a weekly basis, installation of these patches will correct some of the errors through which these programs may install themselves on our computer secretly. If we are lucky, these errors will come to the knowledge of Microsoft first, and only then to groups who intend to and actually use them for fraud.


What can (cannot) the service provider do?

- Service providers must, by law, complete the calls initiated from the subscriber telephone service access points.

- Telephone operators are not allowed to verify whether these calls are legitimate or intended, furthermore, they may not inspect the information flow going on the existing Internet connection, thus they are entitled to charge the fees applicable for the given direction on services actually rendered.


How can I protect my computer?

There are several ways for protection against such calls. Primarily, Internet users must act with caution, but the service providers - telephone carriers and internet service providers alike - should also take every opportunity to create awareness of the possible dangers, and to stop them by the available tools.


What can the user do?

- First, make sure that the given call has indeed been initiated from your computer. There have been cases when the investigation determined that a junior member of the family may have tried to make these calls.

- The most important thing is to be alert. You should rather be informed and wary than gullible. If you end up at an unknown site, be very cautious with every click. In most cases registered up to now, it seems that the victims could have suspected the danger with appropriate attention. For example, it is very unlikely that a service provider would offer valuable contents at really no charge at all (and also legitimately).

- The Internet browsers ask for the approval of the user before such a program is started. The main rule is: Always say "no" to something if you do not know what it will do exactly. Be cautious, do not click "yes" on a window if you do not precisely know what it will do.

- Often, before the installation the program will prompt the user whether he or she is really sure to install it. In many cases the program will display false messages to mislead the visitor of the site, and this is shown in the form of sophisticated displays in a foreign language. The basic rule is: if you surf the net and see pop-up windows with unclear contents, simply close them. If the program suddenly wants to install something while you are surfing the web, always say NEM or NO.

- If you use the operating systems of Microsoft, the biggest danger is that the dialing process is usually hidden (for comfort reasons), the user does not precisely know what is happening. In some cases it is a good enough security measure if you do not let Windows dial the number of your internet service provider automatically, without confirmation. In this case the connection is only established with your approval (you are prompted in the dialogue box), or at the order of the user (manual start), although this method does not provide surefire protection. There are several dialers that bypass the authorization of the connection and act on their own, in a hidden way. It is more efficient if you use a telephone setting in which the speaker of the modem remains active during the establishment of the connection, thus you can always hear the special dialing tone and we can intervene in time, if necessary.

- If an undesirable dialer has already been installed on our computer, the easiest way to remove it is to use special software, similar to the antivirus programs. In a Windows environment you can use Ad-aware (www.lavasoftusa.com, www.ad-aware.com) or Spybot Search & Destroy (www.safer-networking.org). You should often update your system, always download the current security patches that may prevent such malware - including viruses - from installing on your machine secretly.

- You should also report this problem to your telephone service provider, giving details about which software dialed and what number. You can identify the malicious programs using the software list above, and if you use the detection programs, you can avoid being damaged by dialers in the future. Considering the fact that the telephone service provider has completed the initiated call detected by its technical devices, in accordance with its service obligation, it is entitled to the service charge for the management of service.

- If you have a chance, you should use an external modem and switch it off after use, if you use an internal modem, you should take out the telephone cable from it.

- There are several settings in Internet Explorer by which you can make a compromise between comfort and security, and prevent the download of undesirable software programs. For example, you can globally disable the download of ActiveX drivers (the programs are usually installed by these scripts), or restrict their operation to digitally signed programs. You can also set that downloaded ActiveX drivers may not start without the authorization of the user (although this option does not really help those surfers who had clicked on YES before in the window that called their attention to the hefty prices of the call that would be started, although in small print).

- The more recent versions of Windows (NT or higher) give more and more sophisticated opportunities to restrict the rights of the user. These can also be applied to provide the appropriate protection, but these settings require deeper skills.

- Since most of the dialers will have to use a pop-up window to get installed on your computer, it is a good idea to suppress these windows - they are only a nuisance, anyway. The second update package of Windows XP already contains this opportunity, in the former versions you can use some freeware programs for the same purpose (for example, EMS Free Surf, www.emsproject.com). It provides better preventive defense if you use appropriately set personal firewalls. Another method to increase protection if you create a separate user profile for Internet usage, with minimum rights (for example, this user may only write in the given directory, may not install programs and may not change system settings).

- Due to its structure and user rights management system, it is very difficult to write programs that would abuse our system under Linux. If you do not use the system with system administrator rights, you are practically safe from dialers. Despite that, you should not forget: the fact that you use Linux does not provide appropriate protection by itself. Hackers are very resourceful, somebody might already be working on writing a dialer for Linux. You should not lull yourself into a false sense of security.

- If you use a virtual machine running Windows on Linux (for example, vmware) or a Windows emulator, in these environments mostly the same rules apply as if Windows were working as a stand-alone operating system. If we want to avoid the unpleasant task of having to fiddle about with the settings, the simplest solution is to prohibit the access of the virtual machine or emulator to the serial interface that is connected to the modem (the same should be done with the built-in or USB modems).


What can the service provider do?


Information

Giving appropriate information to the users is the first important step towards protection.

- On its web site www.matav.hu Matáv also offers other opportunities to get general information about the Internet, a free Internet course has been set up to help "novice" users, which raises awareness of the danger posed by connection switching dialers. As the "topic of the month," the web site dealt with this program, internet users also find ways for protection here.

- On the web site Matáv also provides an opportunity for users to ask questions that will be answered by internet experts.

- You can take a free e-learning course about the Internet on the web site of Matáv, you only need to register, after taking 6 obligatory and several optional lessons you can get a certificate on the completion of the course. If the user has individual questions, he or she can get information in the section "Ask the experts." These e-mails will be replied within 48 hours.

- Matáv also alerted its customers about this danger in the March issue of "Hírmondó," the newsletter posted together with the telephone invoice. In addition, member companies of Matáv Group have dealt with this issue on several forums and in many news items.


Traffic monitoring

- Matáv continuously monitors domestic and international transfer. If the traffic made to a particular call number increases outstandingly, Matáv will contact the foreign carrier through its international partner carrier relations. If it can be proven that the calling number is used fraudulently by connection switching dialers, then Matáv will prohibit the opportunity of automated call completion for that calling number, however, the number remains available through an operator.


Call restriction

- Matáv offers two kinds of call restriction service to its subscribers. Both can be applied globally, to every call, or to certain call types and number ranges (for example, premium rate calls, satellite, international or long distance calls).

- Call restriction is one of the simplest ways of protection against dialers, which may take the form of password coded and permanent call restriction ordered from the service provider. With call restriction by password, the callers other than the subscriber are only authorized to make calls in pre-defined directions, with the exception of emergency, fault report and long distance call report calls. A password is required to program and deactivate this service, by using the password calls can be made in any direction.

- Permanent call restriction can be used to restrict any calls, or certain call types from the telephone set. The two services (password coded and permanent call restriction) may not be used together. The restriction can be ordered permanently (to be released by the service provider only) or in the form of password coding. If that latter option is chosen, restricted calls may be initiated after giving a four-digit code. Permanent call restriction is free for Minimál and Felező tariff packages, otherwise it can be ordered for a one-time fee of 1435 HUF. The monthly fee of password protection is 262.5 HUF.

These services can be ordered from the call center of Matáv (1212) after identification by customer number and personal data), on the Internet (by e-mail or even by chat, on the web site of Matáv), or personally in any Matáv Pont store.