Dialer

A dialer (American English)or dialler (British English) is an electronic device or software that connects to a telephone line to monitor dialed numbers and automatically modify them for seamless access to services requiring long national or international access codes. It inserts or alters numbers based on the time of day, country, or area code, enabling users to connect through service providers offering the best rates. For example, it might use one provider for international calls and another for mobile networks. This technique is known as prefix insertion or least-cost routing. A line-powered dialer draws power directly from the telephone line, requiring no external source.

Another type of dialer is software that establishes an Internet or network connection over analong telephone lines or Integrated Services Digital Network (ISDN). Many operating systems include built-in dialers that use the Point-to-Point Protocol (PPP), such as WvDial.

Many internet service providers offer installation CDs to simplify the process of setting up a proper Internet connection. They either create an entry in the operating system's dialer or install a separate dialer (as the AOL software does).

In recent years, the term “dialer” has increasingly been associated with software that initiates calls or connections without the user’s informed consent regarding charges, often with the intent to defraud.

Auto-diallers

Call centres use various forms of automatic dialers to place outbound calls to people on contact lists.

Fraudulent dialer

Dialers are necessary to connect to the internet (at least for non-broadband connections), but some dialers are designed to connect to premium-rate numbers. The providers of such dialers often search for security vulnerabilities in the operating system installed on the user's computer and use them to set the computer up to dial up through their number, so as to make money from the calls. Alternatively, some dialers inform the user about their purpose, with the promise of special content accessible only via the special number. Examples of this content include software for download, (usually illegal) trojans posing as MP3s, trojans posing as pornography, or 'underground' programs such as cracks and keygens.

The cost of setting up such a service is relatively low, amounting to a few thousand dollars for telecommunications equipment, whereupon the unscrupulous operator will typically take a significant percentage (up to 90%) of the cost of a premium rate call, with very few overheads of their own.

Users with DSLs (or similar broadband connections) are usually not affected. A dialer can be downloaded and installed, but dialing in is not possible as there are no regular phone numbers in the DSL network and users will not typically have their dial-up modem, if any, connected to a phone line. However, if an ISDN adapter or additional analog modem is installed, the dialer might still be able to initiate a connection.

Malicious dialers can be identified by the following characteristics:^{[citation needed]}

A download popup appears when opening a website.
The website provides minimal information about the price, if any.
The download begins automatically even if the cancel button is clicked.
The dialer installs itself as default connection without any notice.
The dialer creates unwanted connections by itself and without user interaction.
The dialer does not show any notification about the price before dialing in (only few do).
The high price of the connection is not displayed while connected.
The dialer cannot be uninstalled, or can only be removed with significant effort.

Installation routes

After these modifications, visiting a malicious webpage or opening a harmful email can trigger the automatic installation of a dialer. The script may also disable the modem speaker and suppress system messages that normally appear during dial-up connections.

Users of Microsoft Outlook, Outlook Express, and Internet Explorer are especially at risk if affected ActiveX controls and JavaScript are enabled, and the latest security patches from Microsoft have not been applied. In March 2004, malicious dialers were reportedly distributed through fake anti-virus software. ^{[citation needed]}

E-mail spam, often appearing to come from a so-called "Antivirus Team" include download links to executables such as "downloadtool.exe" or "antivirus.exe", which were in fact dialers.

Other methods of infection include electronic greeting cards that redirected users to webpages designed to deceive them into installing ActiveX controls, which in turn install dialers in the background.

As a general precaution, links in spam emails should not be opened, and any automatic downloads should be canceled immediately upon detection. Users should also verify the phone number displayed during each dial-up Internet connection to ensure it has not been altered. Another preventive measure against malicious dialers is to block access to premium-rate numbers through the telephone service provider, although this may inadvertently affect certain legitimate phone functions.

Running foreign code in a privileged environment is generally discouraged unless the source is verified as trustworthy. Anti-malware software can also provide an additional layer of protection.

German regulatory law

On 15 August 2003, a new law came into effect in Germany called "Gesetz zur Bekämpfung des Missbrauchs von (0)190er/(0)900er Mehrwertdiensterufnummern" ("Law for the combat of misuse of (0)190/(0)900 value added service numbers").

The law includes the following provisions:

Mandatory price disclosures by service providers.
Maximum pricing caps, legitimacy verification, and automatic disconnect mechanisms.
Mandatory registration of dialers.
Enforcement of dialer blocking.
Consumer right to access information from the RegTP (now Federal Network Agency).

On 4 March 2004, the German Federal Supreme Court in Karlsruhe ruled that charges for dialer usage do not have to be paid if the dialer was used without the user’s consent or awareness.

References

v t e Information security
Related security categories	Computer security Automotive security Cybercrime Cybersex trafficking Computer fraud Cybergeddon Cyberterrorism Cyberwarfare Electronic warfare Information warfare Internet security Mobile security Network security Copy protection Digital rights management	vectorial version
Threats	Adware Advanced persistent threat Arbitrary code execution Backdoors Bombs Fork Logic Time Zip Hardware backdoors Code injection Crimeware Cross-site scripting Cross-site leaks DOM clobbering History sniffing Cryptojacking Botnets Data breach Drive-by download Browser Helper Objects Viruses Data scraping Denial-of-service attack Eavesdropping Email fraud Email spoofing Exploits Fraudulent dialers Hacktivism Infostealer Insecure direct object reference Keystroke loggers Malware Payload Phishing Voice Polymorphic engine Privilege escalation Ransomware Rootkits Scareware Shellcode Spamming Social engineering Spyware Software bugs Trojan horses Hardware Trojans Remote access trojans Vulnerability Web shells Wiper Worms SQL injection Rogue security software Zombie
Defenses	Application security Secure coding Secure by default Secure by design Misuse case Computer access control Authentication Multi-factor authentication Authorization Computer security software Antivirus software Security-focused operating system Data-centric security Software obfuscation Data masking Encryption Firewall Intrusion detection system Host-based intrusion detection system (HIDS) Anomaly detection Information security management Information risk management Security information and event management (SIEM) Runtime application self-protection Site isolation

Auto-diallers

Fraudulent dialer

Installation routes

German regulatory law

See also

References