Unprotected PCs and Modems Don't Mix
Innocent Web surfers are getting hit with massive telephone bills from doctored digital photos

Alexander Krabbe (internews)
Published 2004-10-22 09:50 (KST)

A couple of weeks ago, the German Federal Office for Information Security published a dire warning for Internet users. According to the report (in German), infecting a PC with so-called "dialers" and "trojans" has become as easy as catching a cold. Due to a security lapse in Windows programs, manipulated photographs are able to install these kinds of malevolent programs on every unprotected computer.
Dialers are programs that use a computer's modem to dial a telephone number which accesses porn servers directly. Many Germans became aware of these scams in the 1990s when reports of Web surfers getting hit with huge telephone bills first appeared.
Fees for these salacious sites can range from around two euros per minute (118.80 euro per hour) to a flat rate from 20 euros up to 900 euros for a single call. In comparison, an ordinary porn DVD costs about 30 euros -- a very strong indication that the whole dialer industry rests on some very unsavory business practices.
Since very few Internet consumers wanted to use these extremely expensive services, Internet porn companies had to think of new ways to make a profit. Rather than traditional advertising campaigns, surreptitious automatic downloading by dialer programs turned out to be the most effective solution.
These crimes first hit users of apparently "free porn" Web sites. With porn pages becoming so notorious, soon dialers were also hiding behind serious Web pages. The risk of infecting one's computer just by opening and viewing an otherwise normal picture marks a new low in Internet crime. More sophisticated methods are bound to appear in the future.
Since the dialers' installation strategies are constantly adapting, the German justice system had to take action. The district court of the German city of Osnabrueck ruled on Sept. 17 that Internet users don't have to pay the exorbitant fees from such Internet porn fraud, even if they didn't protect their PCs with security software.
The court said that one must regard this category of security software as an "intellectual luxury." Very few users know how to secure their computers and even experts aren't totally immune to such attacks.
Another type of malevolent code -- a trojan -- gives an external user the ability to totally control an ordinary user's computer. The name refers to the ancient Greek story of the city of Troy, whose brave citizens were finally defeated by a trick from their besiegers -- the famous Trojan Horse. Made of wood and packed with fighters like Odysseus, the hollow horse was camouflaged as a gift. Ironically, this method still works today in the digital world.
A trojan works by installing the "gift" code, say a game or other ordinary software package, while covertly adding programs that most users will be oblivious to. The coders of such trojans can now also use this Windows security lapse. In contrast to dialers, trojans are often completely invisible to the ordinary user.
The recent security lapse with digital photos has its origins in an error within the JPEG-parsing component "gdiplus.dll". A manipulated picture can provoke a so-called buffer overflow in a program, overwriting the original stack.
As a result of this process, the victim's computer is completely exposed to cyber attack. Precipitating such an attack is no harder than just reading one's email or viewing a compromised photo on a Web page.
For more information on the security update, you can go to this Microsoft Corp. support page.
Alexander Krabbe is a German medical student at Ernst-Moritz-Arndt University of Greifswald, Pomerania.
©2004 OhmyNews