WAYS OF INFECTION
Although most dialers are very similar to regular viruses, their distribution methods are different. They do not spread by themselves and usually have to be installed like any other software, with or without user consent. There are three major ways an unsolicited dialer parasite can get into the system.
1. Pornographic, software and illegal music download web sites offer paid access to their extensive collections. The user is asked to download and manually install a particular dialer in order to gain access to these collections. The installation is made with user consent. However, such a dialer usually doesn’t have an uninstaller, or the uninstaller doesn’t completely remove the threat, so all further Internet connections are made through high-cost phone numbers.
2. The most widespread malicious dialers get into the system using Internet Explorer ActiveX controls or by exploiting certain web browser vulnerabilities. Their vendors run insecure web sites filled with malicious code or distribute unsafe advertising pop-ups. Whenever the user visits such a site or clicks on such a pop-up, harmful scripts instantly install a dialer. The user cannot notice anything suspicious, as the parasites do not display any setup wizards, dialogs or warnings.
3. Some dialers are secretly installed when the user visits links in spam e-mail messages. Several parasites arrive in executable e-mail attachments. Their installation is made without explicit user consent.
It is known that dialers can also be dropped by specific viruses, trojans or worms.
Parasites mostly affect computers that run the Microsoft Windows operating system and have modems installed.
WHAT DOES A DIALER DO?
- Connects a compromised computer to the Internet through high-cost phone numbers.
- Opens potentially unsafe web sites with pornographic, advertising or other similar content.
- Modifies the system’s essential dial-up and networking settings in order to register itself as the default Internet connection service, which is always used to connect a compromised computer to the Internet.
- Changes the web browser’s default home and search pages and prevents the user from restoring the initial settings.
- Creates numerous links to potentially insecure web resources, places desktop shortcuts to suspicious sites, and adds multiple bookmarks to the web browser's Favorites list.
- Provides no uninstall feature, hides processes, files and other objects in order to complicate its detection and removal.
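A dialer that registers its own dial-up connection leaves an entry in the Windows dial-up phonebook (a rasphone.pbk file), so one practical check is to list every number stored there and compare it with the number of the user's real provider. The following is an added example, not part of the original article; the prefix list, the entry names and the sample phonebook text are constructed assumptions.

```python
import re

# Assumed example prefixes (premium-rate and international dialing); adjust per country.
SUSPECT_PREFIXES = ("1900", "900", "0900", "0190", "00", "011")

# Constructed sample phonebook text, not taken from a real system.
SAMPLE_PBK = """\
[My ISP]
MEDIA=serial
DEVICE=modem
PhoneNumber=555-0100
DEVICE=modem
[Fast Access]
DEVICE=modem
PhoneNumber=0190 555 0199
[Backup]
PhoneNumber=555-0142
"""

def parse_phonebook(text):
    """Return {entry name: [phone numbers]} from rasphone.pbk-style text."""
    # Keys such as DEVICE= repeat within one entry, so the lines are read by
    # hand instead of with an INI parser that rejects duplicate keys.
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            entries[current] = []
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "phonenumber" and value:
                entries[current].append(value)
    return entries

def audit(text, trusted_numbers):
    """List (entry, number, reason) for every number that is not a trusted one."""
    digits = lambda number: re.sub(r"\D", "", number)
    trusted = {digits(n) for n in trusted_numbers}
    findings = []
    for name, numbers in parse_phonebook(text).items():
        for number in numbers:
            if digits(number) in trusted:
                continue
            suspect = digits(number).startswith(SUSPECT_PREFIXES)
            reason = "premium-rate or international prefix" if suspect else "unknown number"
            findings.append((name, number, reason))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_PBK, ["555-0100"]))
```

Any entry reported here that the user did not create is a candidate for removal, and an entry with a suspect prefix deserves attention first.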
EXAMPLES OF DIALERS
There are lots of different dialer parasites. The following examples illustrate typical dialer behavior.

Uyelik offers access to the Internet via high-cost telephone numbers. It redirects a web browser to certain Internet resources and changes the default home page without asking for user permission. Uyelik can be secretly installed while visiting some unsafe web sites. The parasite alters the registry, so the threat runs on every Windows startup, and creates a desktop shortcut named Click Me!!!. Most dialers are quite similar to Uyelik and do not pose any threat to the system, but severely violate user privacy.

Webcont connects its victim’s computer to the Internet through an expensive phone number. It accesses a predefined Internet resource on the webcont.net domain without asking for user permission. Webcont silently erases the web browser's cache and history. The parasite gets into the system from some insecure web sites. The dialer complicates its detection and removal and doesn’t have a functional uninstaller.

Antispy is a far more harmful dialer that not only connects a compromised computer to the Internet using a premium rate phone number, but also terminates some running applications and steals system information. Once executed, it modifies the Windows registry to register itself as the primary Internet connection service. This means that all further Internet connections will be made through an expensive phone number instead of the local Internet service provider’s default one. Such activity results in enormous phone bills.
CONSEQUENCES OF A DIALER INFECTION
Practically all dialers are designed for commercial purposes. Their vendors strive to make money out of credulous and unaware users. Parasites deliberately do not offer fast and reliable Internet connection, as every minute that a user spends being online brings them quite a tangible income. A typical dialer’s victim loses hundreds of dollars every day and doesn’t even know about it until he receives an enormous phone bill from a local phone company.
Dialers complicate usual web surfing. Due to very low connection speed and throughput some web sites cannot be accessed or do not work as intended. Downloading software or music, watching online video or animation, browsing complex multimedia sites are almost impossible tasks for users whose computers are infected with dialers. Moreover, some dialers provide access only to several predetermined web resources, and other sites and servers cannot be accessed at all.
HOW TO REMOVE A DIALER?
As noted above, most dialers work in the same manner as computer viruses and therefore can be found and removed with the help of effective antivirus products like Symantec Norton AntiVirus, Kaspersky Anti-Virus, McAfee VirusScan, eTrust EZ Antivirus, Panda Titanium Antivirus, AVG Anti-Virus. Advanced spyware removers, which are able to scan the system in a similar way to antivirus software and have extensive parasite signature databases, can also detect and remove dialers and related components. Powerful anti-spyware solutions such as Microsoft AntiSpyware Beta, Spyware Doctor, Ad-Aware SE, eTrust PestPatrol or Spybot - Search & Destroy are well-known for perfect dialer detection and removal capabilities.
In some cases even an antivirus or spyware remover can fail to get rid of a particular dialer. That is why there are Internet resources such as 2-Spyware.com, which provide manual malware removal instructions. These instructions allow the user to manually delete all the files, directories, registry entries and other objects that belong to a parasite. However, manual removal requires fair system knowledge and therefore can be quite a difficult and tedious task for novices.