For many, the daily walk to the mailbox evokes mixed feelings: The glee that your favorite monthly magazine ? or a friend's hand-written letter (quite a surprise in the e-mail age) may be waiting is countered by anxiety of how many bills the postman left you.
Now, imagine coming across your phone bill, thicker and heavier than normal. When you open it, instead of "statementstuffers" from the phone company's marketing department, the bill is dozens of pages long ending in a one-month total of almost $5,400.
A quick glance at the details reveals hundreds of calls to the same 1-900 number. "A mistake," you insist. After all, you'rethe only person in the house and you have never called a 900 number before. Actually, this is no mistake. In this true story, the homeowner had fallen victim to one of the oldest computer scams around: the "Auto-Dialer" virus.
How Did This Computer Security Nightmare Begin
-----------------------------------------------------------
What is an "auto-dialer"? Some time ago, the phone companiescame up with a feature that allowed merchants to reach a broader range of customers by allowing consumers to make payments via your phone bill. If you did not have a credit card, you just dialed a 900 number, connected by voice or modem (for Internet sites). Every minute you used the service, you were charged a fee ranging from $1 to $5 or more per minute. At month's end, the charge appeared on the phone bill. Many services were legit: Consumers called weather, horoscope and gambling services offering this feature. But many merchants sold expensive phone or online adult content.
How Did An Auto-Dialer Get Installed
-----------------------------------------------------------
But how did $5,400 in charges end up on the person's phone bill? Although many of these services require the user to physically dial the number or connect to the online site by instructing the modem to dial the number, this can happen without the user's knowledge. In the above case, the person's computer was infected with an auto-dialer virus. Somewhere during his Web travels, he connected to a site that popped up a rather confusing message instructing him to "Hit OK" to make the message go away. What this person didn't know was he was agreeing to download,install, and execute an adult content auto-dialer.
Behind the scene, the auto-dialer installed itself, checked for the presence of a modem and dial tone, and then proceeded to dial an overseas 900 number over and over again. Even though the person surfed using an always-on broadband Internet connection, the modem remained so he could send and receive faxes. One problem: When he wasn't using the modem, it remained plugged into the phone jack. Why should he have unplugged it? It's not like it could hurt anything, right? Wrong.
How To Protect Yourself
-----------------------------------------------------------
Unfortunately, there is no single solution to avoid these types of malicious acts. A short list of protective measures would include:
1) If you no longer need a modem in your computer, remove it. Or at least disconnect the phone line from the modem;
2) Install anti-virus software such as Trend Micro or Symantec's Norton Anti-Virus. Many are designed to prevent this kind of malicious software, or "Malware." More importantly, make sure your subscription for new virus patterns is current and configured to automatically download and install updates;
3) Install and regularly run Adware protection solutions such as LavaSoft's Ad-Aware or SpyBot Search & Destroy;
4) And do not, under any circumstances, blindly hit "OK" to pop-ups or similar annoyances without first making sure what you are agreeing to.
This tale is not fiction; in fact, it happens frequently, to businesses and consumers, kids and adults. But even the least savvy among us can thwart such an attack. A neighborhood teenager recently avoided potentially thousands in fees when an auto-dialer was downloaded and installed. How? She had unplugged the modem.
