Editing Dialer (section)

== Fraudulent dialer ==
Dialers are necessary to connect to the internet (at least for non-[[Broadband Internet access|broadband connections]]), but some dialers are designed to connect to premium-rate numbers. The providers of such dialers often search for [[Software security vulnerability|security vulnerabilities]] in the [[operating system]] installed on the user's computer and use them to set the computer up to dial up through their number, so as to make money from the calls.  Alternatively, some dialers inform the user about their purpose, with the promise of special content  accessible only via the special number. Examples of this content include software for download, (usually [[Piracy|illegal]]) [[Trojan horse (computing)|trojans]] posing as [[MP3|MP3s]], trojans posing as [[pornography]], or '[[Black hat hacking|underground]]' programs such as [[Software crack|cracks]] and [[Keygen|keygens]].

The cost of setting up such a service is relatively low, amounting to a few thousand dollars for telecommunications equipment, whereupon the unscrupulous operator will typically take a significant percentage (up to 90%)  of the cost of a premium rate call, with very few overheads of their own.

Users with [[Digital subscriber line|DSLs]] (or similar [[Broadband Internet access|broadband connections]]) are usually not affected. A dialer can be downloaded and installed, but dialing in is not possible as there are no regular phone numbers in the DSL network and users will not typically have their dial-up modem, if any, connected to a phone line. However, if an [[Integrated Services Digital Network|ISDN]] adapter or additional analog [[modem]] is installed, the dialer might still be able to initiate a connection.

Malicious dialers can be identified by the following characteristics:{{Citation needed|date=September 2009}}
*A [[download]] [[Pop-up ad|popup]] appears when opening a website.
*The website provides minimal information about the price, if any.
*The download begins automatically even if the cancel button is clicked.
*The dialer installs itself as default connection without any notice.
* The dialer creates unwanted connections by itself and without user interaction.
*The dialer does not show any notification about the price before dialing in (only few do)
* The high price of the connection is not displayed while connected
* The dialer cannot be uninstalled, or can only be removed with significant effort.

=== Installation routes ===
After these modifications, visiting a malicious webpage or opening a harmful email can trigger the automatic installation of a dialer. The script may also disables the [[modem]] [[Loudspeaker|speaker]] and suppress system messages that normally appear during dial-up connections. 

Users of [[Microsoft Office Outlook]], [[Outlook Express]] and [[Internet Explorer]] are especially at risk if affected  [[ActiveX]] controls and [[JavaScript]] are enabled, and the latest security patches from [[Microsoft]] have not applied  In March 2004,  malicious dialers were reportedly distributed through fake [[anti-virus software]]. 

[[E-mail spam]], often appearing to come from a so-called "AntiVirus Team" included download links to executables such as "downloadtool.exe" or "antivirus.exe", which were in fact dialers.

Other methods of infection include electronic greeting cards that redirected users to webpages designed to deceive them into installing [[ActiveX]] controls, which in turn install dialers in the background.

Therefore, links in [[Spam (e-mail)|spam emails]] should never be opened, automatically started [[downloads]] should be canceled as soon as discovered, and one should check on each dial-up to the Internet to see whether the displayed phone number is unchanged. Another way to protect oneself is to disable premium numbers through one's [[Telephone company|phone]] services, but of course this disables all such services.

One should never run foreign code in a privileged environment unless the source is trustworthy. It is also advisable to protect oneself with anti-malware programs.

Therefore:

* Links in [[Spam (e-mail)|spam emails]] should not be clicked.
* Automatically initiated [[downloads]] should be canceled immediately.
* One should verify the dialed phone number each time a dial-up connection is made to ensure it has not been changed.

Another way to protect oneself is to disable premium-rate numbers through [[Telecommunications company|phone]] services, although this will disable all premium services.

Untrusted code should never be run in a privileged environment, unless the source is verified and trustworthy. It is also advisable to protect oneself with reliable anti-malware software.