Press release July 02, 2002

New dialer generation opens Pandora's box
Nutzwerk specialists examine new dialer library

Last week the online service www.dialerhilfe.de found a new generation of dialers. After all SaferSurf customers were protected within 1 hour, Nutzwerk specialists and the provider of the online service www.dialerhilfe.de, Mr Heiko Rittelmeier, started to take apart the new dialer. They discovered a perfidious way of forcing up the phone bill of internet users.

The dialer at http://live.sex-explorer.com does not – as usual – consist of an executable file or an ActiveX class, but is has found a different way of installing itself. At first a small executable file is downloaded with Active Scripting from any web page – a so-called loader. As this file is very small (ca. 5 kb), this download is not even noticed if the user surfs via modem. The loader downloads an executable DLL library and sometimes an ActiveX class. If ActiveX has been deactivated in the internet browser, the program also works without the ActiveX part.

The ActiveX component is downloaded from http://download.nocreditcard.com/download/Object/ieaccess2.cab. The security settings in Internet Explorer regarding ActiveX are simply overridden.

Once the library is loaded on the user computer, it is possible to build an expensive phone connection from any internet page. Everything else is controlled entirely via the browser. Apparently the browser passes on the dialed number and various other data to the DLL that starts the dialing connection for dial-up networking via the entry "minidialer".

In some cases the file Datei README[1].TXTvideo.exe was offered for download. With the Windows default settings the name is displayed as README[1].TXT in the download dialog box. This way an unsuspecting user would think that he downloads a text file. The file is started immediately after the download and again installs the dialer.

Due to the dialer library a central international dialer network is created. Once it has been installed behind the internet user's back, every provider can establish an expensive phone connection. And all this is not restricted to 0190 numbers. Even an expensive call with the dialling code 00599 for the Carribean is no problem. "Now it is like 'Dialers of all countries unite' ", says René Holzer, CEO of Nutzwerk and inventor of the real-time data filter SaferSurf. "Due to this centralized form of fleecing the user's wallet that everybody can take advantage of, the internet is shaken like in a fever. No internet page can be trusted any more, because everywhere an expensive phone connection might be built up", continues Holzer.

Nutzwerk has developed a dialer protection in SaferSurf against this central menace. Within 1 hour all SaferSurf customers were adjusted to fend off this new type of rip-off. All SaferSurf users are protected automatically for 1 euro per month, there is no installation or maintenance of protective software required. "When do the last ones realize that central menaces like viruses and the new dialer network can only be fought off from a central point? If the providers do not take action soon and offer every customer automatic protection against the dangers of the internet, we are going to be in the absurd situation that more and more users leave the internet and only the dialer providers keep on using the internet to call each other via expensive numbers", René Holzer describes the current situation.