Dialer

Adialer(American English) ordialler(British English) is an electronic device that is connected to atelephoneline to monitor the dialed numbers and alter them to seamlessly provide services that otherwise require lengthynationalorinternationalaccess codes to be dialed. A dialer automatically inserts and modifies the numbers depending on the time of day, country or area code dialed, allowing the user to subscribe to the service providers who offer the best rates. For example, a dialer could be programmed to use one service provider for international calls and another for cellular calls. This process is known as prefix insertion orleast cost routing.A line-powered dialer does not need any external power but instead takes the power it needs from the telephone line.

Another type of dialer is acomputer programwhich creates a connection to theInternetor anothercomputer networkover the analogtelephoneorIntegrated Services Digital Network(ISDN). Manyoperating systemsalready contain such a program for connections through thePoint-to-Point Protocol(PPP), such asWvDial.

Manyinternet service providersoffer installation CDs to simplify the process of setting up a properInternet connection.They either create an entry in the operating system's dialer or install a separate dialer (as theAOLsoftware does).

In recent years, the term "dialer" often refers specifically to dialers that connect without the user's full knowledge as to cost, with the creator of the dialer intending to commitfraud.

Auto-diallers

Call centresuse various forms of automatic dialler to place outbound calls to people on contact lists.

Fraudulent dialer

Dialers are necessary to connect to the internet (at least for non-broadband connections), but some dialers are designed to connect to premium-rate numbers. The providers of such dialers often search forsecurity holesin theoperating systeminstalled on the user's computer and use them to set the computer up to dial up through their number, so as to make money from the calls. Alternatively, some dialers inform the user what it is that they are doing, with the promise of special content, accessible only via the special number. Examples of this content include software for download, (usuallyillegal)trojansposing asMP3s,trojans posing aspornography,or 'underground' programs such ascracksandkeygens.

The cost of setting up such a service is relatively low, amounting to a few thousand dollars for telecommunications equipment, whereupon the unscrupulous operator will typically take 90% of the cost of a premium rate call, with very few overheads of their own.

Users withDSLs(or similarbroadband connections) are usually not affected. A dialer can be downloaded and installed, but dialing in is not possible as there are no regular phone numbers in the DSL network and users will not typically have their dial-up modem, if any, connected to a phone line. However, if anISDNadapter or additional analogmodemis installed, the dialer might still be able to get a connection.

Malicious dialers can be identified by the following characteristics:^{[citation needed]}

Adownload popupopens when opening a website.
On the website there is only a small hint, if any, about the price.
The download starts even if the cancel button has been clicked.
The dialer installs as default connection without any notice.
The dialer creates unwanted connections by itself and without user interaction.
The dialer does not show any notice about the price (only few do) before dialing in.
The high price of the connection is not being shown while connected
The dialer cannot be uninstalled, or only with serious effort.

Installation routes

Computers running Microsoft Windows without anti-virus software or proper updates could be vulnerable toVisual Basic-scriptswhich install atrojan horsewhich changes values in theWindows Registryand setsInternet Explorersecurity settings in a way thatActiveXcontrols can be downloaded from the Internet without warning. After this change is made, when a user accesses a malicious page or email message, it can start installing the dialer. The script also disables themodem speakerand messages that normally come up while dialing into anetwork.Users ofMicrosoft Office Outlook,Outlook ExpressandInternet Explorerare especially affected if runningActiveXcontrols andJavaScriptis allowed and the latest security patches fromMicrosofthave not been installed. In March 2004, there were malicious dialers that could be installed through fakeanti-virus software.^{[citation needed]}E-mail spamfrom a so-called "AntiVirus Team" for example, contained download links to programs named "downloadtool.exe" or "antivirus.exe", which are malicious dialers. Other ways of transmission include electronic greeting cards that link to pages that tricks the user to installActiveXcontrols, which in turn install dialers in the background.

Therefore, links inspam emailsshould never be opened, automatically starteddownloadsshould be canceled as soon as discovered, and one should check on each dial-up to the Internet to see whether the displayed phone number is unchanged. Another way to protect oneself is to disable premium numbers through one'sphoneservices, but of course this disables all such services.

One should never run foreign code in a privileged environment unless the source is trustworthy. It is also advisable to protect oneself with anti-malware programs.

German regulatory law

On 15 August 2003, a new law came into effect inGermanycalled "Gesetz zur Bekämpfung des Missbrauchs von (0)190er/(0)900er Mehrwertdiensterufnummern" ( "Law for the combat of misuse of (0)190/(0)900 value added service numbers" ).

The law contains the following regulations:

Forced price notices for service providers.
Maximum price limits, legitimacy checks and automatic disconnects.
Registration of dialers.
Blocking of dialers.
Right of information for consumers from theRegTP.

On 4 March 2004 theGerman Federal Supreme CourtinKarlsruhedecided that fees for the usage of dialers do not have to be paid if it was used without the user's knowledge.

References

v t e Information security
Related security categories	Computer security Automotive security Cybercrime Cybersex trafficking Computer fraud Cybergeddon Cyberterrorism Cyberwarfare Electromagnetic warfare Information warfare Internet security Mobile security Network security Copy protection Digital rights management	vectorial version
Threats	Adware Advanced persistent threat Arbitrary code execution Backdoors Bombs Fork Logic Time Zip Hardware backdoors Code injection Crimeware Cross-site scripting Cross-site leaks DOM clobbering History sniffing Cryptojacking Botnets Data breach Drive-by download Browser Helper Objects Viruses Data scraping Denial-of-service attack Eavesdropping Email fraud Email spoofing Exploits Fraudulent dialers Hacktivism Infostealer Insecure direct object reference Keystroke loggers Malware Payload Phishing Voice Polymorphic engine Privilege escalation Ransomware Rootkits Scareware Shellcode Spamming Social engineering Spyware Software bugs Trojan horses Hardware Trojans Remote access trojans Vulnerability Web shells Wiper Worms SQL injection Rogue security software Zombie
Defenses	Application security Secure coding Secure by default Secure by design Misuse case Computer access control Authentication Multi-factor authentication Authorization Computer security software Antivirus software Security-focused operating system Data-centric security Obfuscation (software) Data masking Encryption Firewall Intrusion detection system Host-based intrusion detection system(HIDS) Anomaly detection Information security management Information risk management Security information and event management(SIEM) Runtime application self-protection Site isolation

Auto-diallers

Fraudulent dialer

Installation routes

German regulatory law

See also

References