Hope I'm in the right place. My uncle has been hit with a $600 bill from
his long distance provider...it appears he has been the victim of a modem
hijacking, with his dialup connection being redirected through Iridium
satellite. My question is...who profits from this? Is it this Iridium
company? Apparently the diallers usually are installed via porn popups,
which my uncle says have been appearing all the time in the past two weeks.
How can a legitimate company make money like this?
If anyone has a link to good information concerning the situation with this
in Canada, I'd be grateful.
| Hello all
|
| Hope I'm in the right place. My uncle has been hit with a $600 bill from
| his long distance provider...it appears he has been the victim of a modem
| hijacking, with his dialup connection being redirected through Iridium
| satellite. My question is...who profits from this? Is it this Iridium
| company? Apparently the diallers usually are installed via porn popups,
| which my uncle says have been appearing all the time in the past two weeks.
| How can a legitimate company make money like this?
|
| If anyone has a link to good information concerning the situation with this
| in Canada, I'd be grateful.
|
| Thanks.
|
| Toni from T.O.
|
Have your uncle run the below software on his PC...
It is a self-extracting ZIP file that contains the Kixtart Script Interpreter { http://kixtart.org Kixtart is CareWare } 4 batch files, 6 Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend, Kaspersky and McAfee Anti Virus Command
Line Scanners to remove viruses, Trojans and various other malware.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.
Thanks David. However we will not be removing the malware until we find out
what the long distance provider is willing to do. I CANNOT believe that the
police do not consider this a criminal act! The CRTC won't force the phone
companies to do anything about it because it is considered a competitive
industry (and therefore exempt from regulation? wtf?). The phone companies
don't care because they're making money off this. The more I look into
this, the angrier I get (I feel a Norma Rae coming on). I wonder how
widespread this problem is?
<deep breath> Thanks for listening!
Toni from T.O.
p.s. I'll let you know what happens with the PC when we eventually clean it
up. Until then...no internet for him!
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:O6V9f.1405$wb3.1054@trnddc03...
>
> Have your uncle run the below software on his PC...
>
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
> http://kixtart.org Kixtart is CareWare } 4 batch files, 6 Kixtart scripts, one Link
> (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
> simplify the process of using; Sophos, Trend, Kaspersky and McAfee Anti Virus Command
> Line Scanners to remove viruses, Trojans and various other malware.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file. http://www.ik-cs.com/multi-av.htm
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> * * * Please report back your results * * *
>
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
Toni from T.O. wrote:
> Hello all
>
> Hope I'm in the right place. My uncle has been hit with a $600 bill from
> his long distance provider...it appears he has been the victim of a modem
> hijacking, with his dialup connection being redirected through Iridium
> satellite. My question is...who profits from this? Is it this Iridium
> company? Apparently the diallers usually are installed via porn popups,
> which my uncle says have been appearing all the time in the past two weeks.
> How can a legitimate company make money like this?
>
> If anyone has a link to good information concerning the situation with this
> in Canada, I'd be grateful.
>
> Thanks.
>
> Toni from T.O.
>
>
Interesting, I thought Iridium went broke and was under the ownership
and use of the US government.
In the Usenet newsgroup alt.computer.security, in article
<TVW9f.4258$J14.283263@news20.bellglobal.com>, Toni from T.O. wrote:
>However we will not be removing the malware until we find out
>what the long distance provider is willing to do.
Correct - in one light, it's evidence of possibly criminal wrong-doing.
>I CANNOT believe that the police do not consider this a criminal act!
Making the charges - perhaps (I don't know Canadian law). There may be
a criminal action in installing the malware in the first place, but if
that is the case it's most likely at _least_ a provincial law, probably
national. You shouldn't be soliciting legal advice on the Internet (it's
worth exactly what you paid for it), but I would consult a lawyer. It
may also help to consult the press to see if they have a consumer advocate
type program.
>I wonder how widespread this problem is?
Apparently fairly wide. There are some laws about it in the UK and several
states in the US from what I understand, though I don't know how enforceable
they are.
>Until then...no internet for him!
You also want to consider some training - malware doesn't install
automatically without some form of help from the user. Often, this
is the user running as an elevated privileged user like 'administrator'
and blindly clicking 'OK' just to get the damn message box to go away
(or worse, having set a "Don't show me these messages - just do it"
setting somewhere).
"Winged" <Winged@nofollow.com> wrote in message
news:dafd3$4368aead$45493f2f$7904@KNOLOGY.NET...
> >
>
> Interesting, I thought Iridium went broke and was under the ownership
> and use of the US government.
>
> Winged
Ya, sorry, I didn't make that clear in my first post. The long distance
provider is Primus, and they tell my uncle the calls in question are to an
881 number, which is an Iridium number. So I take it the settlement
payments will go to Iridium. What I don't get is if Iridium are getting
paid by Primus, how is the party responsible for installing this dialler
making money? There doesn't seem to be much info on-line as to the workings
of this scam. My uncle's an engineer...he wants to know :-)
"Moe Trin" <ibuprofin@painkiller.example.tld> wrote in message
news:slrndmi6ti.4ei.ibuprofin@compton.phx.az.us...
>
> >I CANNOT believe that the police do not consider this a criminal act!
>
> Making the charges - perhaps (I don't know Canadian law). There may be
> a criminal action in installing the malware in the first place, but if
> that is the case it's most likely at _least_ a provincial law, probably
> national. You shouldn't be soliciting legal advice on the Internet (it's
> worth exactly what you paid for it), but I would consult a lawyer. It
> may also help to consult the press to see if they have a consumer advocate
> type program.
>
I'm not really looking for legal advice, more just trying to figure out how
this scam works. Someone's making some cash, somewhere. Inquiring minds
want to know!
Toni from T.O. wrote:
> "Winged" <Winged@nofollow.com> wrote in message
> news:dafd3$4368aead$45493f2f$7904@KNOLOGY.NET...
>
>>Interesting, I thought Iridium went broke and was under the ownership
>>and use of the US government.
>>
>>Winged
>
>
> Ya, sorry, I didn't make that clear in my first post. The long distance
> provider is Primus, and they tell my uncle the calls in question are to an
> 881 number, which is an Iridium number. So I take it the settlement
> payments will go to Iridium. What I don't get is if Iridium are getting
> paid by Primus, how is the party responsible for installing this dialler
> making money? There doesn't seem to be much info on-line as to the workings
> of this scam. My uncle's an engineer...he wants to know :-)
>
>
Stranger still. All of the following links indicate 881 area code is a
paid toll free number:
These codes provide a way to extend toll-free calling beyond the borders
of the country in which the party paying for the calls resides. These
codes have been used primarily to allow Caribbean callers to reach toll
free numbers in the US. With this arrangement, the caller pays for the
international segment of the call (to the US gateway), and the called
party pays for the remainder. In theory, this concept can be implemented
between any of the countries sharing the NANP.
How does NANPA decide who is entitled to the assignment of a NANP
numbering resource; e.g., central office code, carrier identification code?
NANPA follows assignment guidelines developed by the industry. These
guidelines specify who is entitled to an assignment, how to apply, and
what obligations the assignee must meet to retain the assignment. The
guidelines and applications forms may be found on the Alliance for
Telecommunications Industry Solutions (ATIS) web site. The URL is http://www.atis.org/atis/clc/inc/incdocs.htm.
What country are you located in?
It does not look like Iridium is necessarily involved. I am familiar
with a dialer scam where the call is placed to a toll number in the
Caribbean (if I read the above right this is what probably has happened).
The telco in the Caribbean pays the number owner some outrageous
predefined toll sum per minute, with that toll charged back to the caller.
Good luck in your quest. I have heard that getting things settled can
be painful. A bunch of issues come into play here relating to law and
telco rules, as well as international treaties in the Caribbean.
Recommend hiring your local Mafia type to visit the place of origin and
inflicting great damage to sensitive portions of the culprits anatomy.
While this may cost a little more and you probably won't recoup any
funds, at least you'll have the satisfaction of knowing justice was done.
In the Usenet newsgroup alt.computer.security, in article
<530b8$43696528$45493f2f$6155@KNOLOGY.NET>, Winged wrote:
>Toni from T.O. wrote:
>> Ya, sorry, I didn't make that clear in my first post. The long distance
>> provider is Primus, and they tell my uncle the calls in question are to an
>> 881 number, which is an Iridium number. So I take it the settlement
>> payments will go to Iridium. What I don't get is if Iridium are getting
>> paid by Primus, how is the party responsible for installing this dialler
>> making money?
My understanding is that this is a multiple settlement thing - Primus is
paying Iridium (or whatever they are called today), and they in turn are
paying some other provider. There was a problem reported where a Nigerian
scam was splitting moneys between the Nigerian phone company, and the
crook. Can't recall if this was something related to a customer in the
UK or Netherlands, but it's not new or unknown.
>Stranger still. All of the following links indicate 881 area code is a
>paid toll free number:
>
>881 US/Canada Paid Toll Free Service
[compton ~]$ phone 881
881 -- PAID 800 Service
881 Global Mobile Satellite System (GMSS)
[compton ~]$
Look at the _country code_ 881, not the North American _area_ code. As
another (random) example:
[compton ~]$ phone 212
212 NY New York City (Manhattan) (Overlays 646 and 917)
212 Morocco
[compton ~]$
In North America, there's going to be a bit of a difference between you
dialing '1 212 123 4567' and '011 212 123 4567' - see the long distance
and "overseas" or "international" section of your phone book.
>It does not look like Iridium is necessarily involved. I am familiar
>with a dialer scam where the call is placed to a toll number in the
>Caribbean (if I read the above right this is what probably has happened).
>
>The telco in the Caribbean pays the number owner some outrageous
>predefined toll sum per minute, with that toll charged back to the caller.
It's not limited to the Caribbean - but that is the basic concept.
Moe Trin wrote:
> In the Usenet newsgroup alt.computer.security, in article
> <530b8$43696528$45493f2f$6155@KNOLOGY.NET>, Winged wrote:
>
>
>>Toni from T.O. wrote:
>
>
>>>Ya, sorry, I didn't make that clear in my first post. The long distance
>>>provider is Primus, and they tell my uncle the calls in question are to an
>>>881 number, which is an Iridium number. So I take it the settlement
>>>payments will go to Iridium. What I don't get is if Iridium are getting
>>>paid by Primus, how is the party responsible for installing this dialler
>>>making money?
>
>
> My understanding is that this is a multiple settlement thing - Primus is
> paying Iridium (or whatever they are called today), and they in turn are
> paying some other provider. There was a problem reported where a Nigerian
> scam was splitting moneys between the Nigerian phone company, and the
> crook. Can't recall if this was something related to a customer in the
> UK or Netherlands, but it's not new or unknown.
>
>
>>Stranger still. All of the following links indicate 881 area code is a
>>paid toll free number:
>>
>>881 US/Canada Paid Toll Free Service
>
>
> [compton ~]$ phone 881
> 881 -- PAID 800 Service
> 881 Global Mobile Satellite System (GMSS)
> [compton ~]$
>
> Look at the _country code_ 881, not the North American _area_ code. As
> another (random) example:
>
> [compton ~]$ phone 212
> 212 NY New York City (Manhattan) (Overlays 646 and 917)
> 212 Morocco
> [compton ~]$
>
> In North America, there's going to be a bit of a difference between you
> dialing '1 212 123 4567' and '011 212 123 4567' - see the long distance
> and "overseas" or "international" section of your phone book.
>
>
>>It does not look like Iridium is necessarily involved. I am familiar
>>with a dialer scam where the call is placed to a toll number in the
>>Caribbean (if I read the above right this is what probably has happened).
>>
>>The telco in the Caribbean pays the number owner some outrageous
>>predefined toll sum per minute, with that toll charged back to the caller.
>
>
> It's not limited to the Caribbean - but that is the basic concept.
>
> Old guy
Yup was trying to simplify scam. I have seen it several times (not
personally) to Caribbean. But yes, a number of countries allow this
behavior.
"Moe Trin" <ibuprofin@painkiller.example.tld> wrote in message
news:slrndmkpsm.j0d.ibuprofin@compton.phx.az.us...
>
> >Stranger still. All of the following links indicate 881 area code is a
> >paid toll free number:
> >
> >881 US/Canada Paid Toll Free Service
>
> [compton ~]$ phone 881
> 881 -- PAID 800 Service
> 881 Global Mobile Satellite System (GMSS)
> [compton ~]$
>
> Look at the _country code_ 881, not the North American _area_ code. As
> another (random) example:
>
Hmm. The number given by Primus is 1-881-330-6343. Primus said it was
Iridium. I guess we have to wait for a detailed breakdown of the
bill...curiouser and curiouser.
"Jim Watt" <jimwatt@aol.no_way> wrote in message
news:7usom1pjlta6pc1cqrepu4t71cs223nnar@4ax.com...
> I think you are getting confused with dialling the international
> prefix and 881 and the national prefix and 881 which are two
> different things. Iridium would require an international call and
> apart from malice their numbers are not going to be used as
> premium numbers for scams. They are in the business of high
> cost calls providing global coverage and are very reputable.
> --
That's what I figured. But it was Primus who mentioned Iridium, and they
must know. We haven't seen the details yet.
In the Usenet newsgroup alt.computer.security, in article
<DcUaf.11176$J14.554103@news20.bellglobal.com>, Toni from T.O. wrote:
>
>"Moe Trin" <ibuprofin@painkiller.example.tld> wrote
>> [compton ~]$ phone 881
>> 881 -- PAID 800 Service
>> 881 Global Mobile Satellite System (GMSS)
>> [compton ~]$
>Hmm. The number given by Primus is 1-881-330-6343. Primus said it was
>Iridium. I guess we have to wait for a detailed breakdown of the
>bill...curiouser and curiouser.
Well, the 881 (and 880 and 882) services are not the same as the 800 (and
855, 866, 877 and 888) numbers. I've honestly never encountered them before,
and the only things that google brings up on a quick search is their use
overseas calling out-of-country toll free numbers. But this scheme NORMALLY
seems to use the dialing sequence 'International Access Code, Country Code,
PAID 800 Service number (880, 881, 882 here), and then the toll free number
you are trying to reach. The difference is that YOU PAY the international
part of the call, and the toll free part is only within the destination
country. Thus, the number you indicate doesn't seem to fit the scheme I've
seen - but that probably doesn't mean much, as I certainly haven't seen it
used within North America.
Spending a minute or two on google seems to indicate that as an International
code, 881 is a Satellite access number, and 8813 is assigned to 'Ellipso',
though I have no idea if 30-6343 is a valid telephone number within the
Ellipso dialing scheme, or it needs more (or less) digits.
Well, you're certainly not alone. My father has also been a victim of modem hijacking, and currently owes $60 (so far) to WinTel, which is a subsidiary of Primus. He of course denied any knowledge of making these long distance calls to the Iridium number (the same 881-330-6343 number you mentioned) but was told by the Primus customer representative that he was responsible and had to pay the bill.
Interestingly, I had set up Symantec Anti-Virus and Firewall protection for my father, as well as had him running SpyBot and Ad-aware regularly to prevent viruses and spyware from getting onto his computer, but somehow this virus made it in.
We would be interested in knowing how (or if) you resolved your situation with Primus. It seems that they should be aware that these are fraudulent charges since this sort of thing has been happening with other companies in other countries, but I guess they're just interested in collecting the fees. At best, this seems to be deplorable customer service, and at worst, Primus might be knowingly profiting from this virus' actions.
Can it be much longer before enough affected users get together and launch a class-action lawsuit against these telephone companies who are profiting in this manner?
I have been hit on my Win-tel bill this month ( December 05 ), dozens of calls to places like SAO TOMPRIN, IRIDIUM, WALLISFUTN, AUSTRIA, ESTONIA-C and others.
I am in conversation with Win-tel but have not had any decisions made yet.
Just trying to figure out if it could be their fault at all?
Has anyone had any decisions made yet in regards to these bogus charges, mine is at $150.00 plus.
I called Primus and they keep saying that I'm the only one responsible....the calls were made from my phone line.
I had the virus from astalavista.com
It could be worse, I disconnect the wire from the modem, my phone was connected even with the computer off.
I told them that I'm not paying it.
You can reach (PRIMUS) the team manager at:
1 800 957 1177
I currently work in the Fraud Department of a Long distance company. And lately I've been seeing this kind of thing more often. Of course Modem Hijacking has been around for a long time but I've only recently been working in the Fraud department. I understand the frustration of customers because I have to talk to them and tell them how they are responsible for the charges as a result of Modem Hijacking. Lately Austria and Estonia seem to be the big ones. We don't have many customers hit with calls to Iridium, but it does occur. There are 3 Networks that own 881 numbers: Ellipso - 8812 and 8813; Iridium Satellite LLC - 8816 and 8817; Globalstar - 8818 and 8819. 881 and 882 numbers are the most expensive (882 being Thuraya) all providing Global Mobile Satellite Service.
Despite what you may think the Phone companies are taking a proactive stand when it comes to Modem Hijacking. Once a range of numbers have been established as MH numbers, we will then block that range in our system so that people are unable to call to those numbers. I know of a Company that has blocked all calls to Estonia (all calls; you can not call anyone for any reason, over their network, to Estonia). Most Phone companies do not profit from MH due to the fact that most customers refuse to pay for the calls. The Phone company gets charged for those calls from somebody and eventually they lose.
I think what the criminals do is set up these numbers in foreign countries and then based on how many people call those numbers they get paid. So essentially they want as many people they can get to call these numbers.
Final Note: Phone companies are protected by the FCC and have the right to collect this money. There is no way your phone company could have prevented these types of calls from happening (i.e. they did not install or service any equipment you connect to your phone line.)
Hope this helps. If you would like to discuss this further, please feel free to contact me.
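The country-code versus area-code distinction and the 881/882 prefix table from the posts above can be turned into a bill audit. The following is an added example, not code from any poster: the prefix tables are copied from the thread, 372 and 43 are the standard country codes for Estonia and Austria, and every number in the sample bill except 1-881-330-6343 is constructed.

```python
import re
from collections import defaultdict

# Prefixes as listed in the fraud-department post above (country codes 881/882).
GMSS = {
    "8812": "Ellipso", "8813": "Ellipso",
    "8816": "Iridium Satellite LLC", "8817": "Iridium Satellite LLC",
    "8818": "Globalstar", "8819": "Globalstar",
    "882": "Thuraya",
}
# Destinations the same post names as frequent hijack targets.
WATCH_CC = {"372": "Estonia", "43": "Austria"}
# Area codes the lookup tool quoted in the thread reports as "PAID 800 Service".
PAID_800_NPA = {"880", "881", "882"}


def gmss_network(intl_digits):
    """Longest-prefix match on the digits that follow the international access code."""
    for length in (4, 3):
        network = GMSS.get(intl_digits[:length])
        if network:
            return network
    if intl_digits.startswith("881"):
        return "881 (network not in table)"
    return None


def classify(dialed):
    """Classify a number as dialed from a North American line: (kind, label)."""
    digits = re.sub(r"\D", "", dialed)
    if digits.startswith("011"):                      # international access code
        intl = digits[3:]
        network = gmss_network(intl)
        if network:
            return ("gmss", network)
        for cc, country in WATCH_CC.items():
            if intl.startswith(cc):
                return ("watch", country)
        return ("international", "")
    if len(digits) == 11 and digits.startswith("1"):  # 1 + area code + 7 digits
        npa = digits[1:4]
        if npa in PAID_800_NPA:
            # The same digits read as a country code would be a satellite network.
            alt = gmss_network(digits[1:]) or "no match"
            return ("ambiguous", f"area code {npa}; as country code: {alt}")
        return ("nanp", npa)
    return ("other", "")


def audit(calls):
    """Total the minutes billed to destinations that deserve a closer look."""
    totals = defaultdict(int)
    for dialed, minutes in calls:
        kind, label = classify(dialed)
        if kind in ("gmss", "watch", "ambiguous"):
            totals[(kind, label)] += minutes
    return dict(totals)


# Constructed sample bill: (number as dialed, minutes).
SAMPLE_BILL = [
    ("1-881-330-6343", 14),
    ("1-881-330-6343", 9),
    ("011 8816 555 01000", 6),
    ("011 372 555 0100", 11),
    ("1 212 123 4567", 3),
    ("011 212 123 4567", 5),
]

if __name__ == "__main__":
    for key, minutes in sorted(audit(SAMPLE_BILL).items()):
        print(key, minutes)
```

The "ambiguous" result for 1-881-330-6343 reproduces the thread's open question: as dialed it is an area-code call, while the same digits behind 011 fall in the 8813 range.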
I have just finished discussions with the Fraud Account Specialist and much to my surprise and delight they agreed to credit me the bogus charges.
I have to say I was pleasantly pleased with the specialist, she listened to my side of the story and then gave their side and how they have no control over these internet modem hijacking schemes. This would be a once only credit so if it happens again I'm screwed.
I did agree to adding a security code to my long distance service so this should never happen again.
I couldn't say that this would work for everyone, but, give the Fraud Account Specialists a call and talk to them.
Thanks Win-tel.
Hi there,
I am also in the same situation now as you were. Win Tel billed me $ 250 for the long distance calls for the same number as some of you have mentioned above and I am into discussion with them. Can you tell me what happened with you guys? Your help will be greatly appreciated. Thanks a lot!!
Well it seems the fraud specialist and the accounting team have different views.
Since I refuse to pay for the bogus charges ( I did pay for all my legitimate ones ) they closed my account ( I was proactive and stopped using them a long time before ) and now I have a collection agency on my tail.
Anyone else bucking the system?