modem hijacking or internet dumping

Hi, Can modem hijacking happen to someone who uses broadband (not dsl)
and doesnt have a phone line hooked up to their computer? I am a little
new to the topic, any help would be appreciated.

From: "spviking" <Smp928s@gmail.com>

| Hi, Can modem hijacking happen to someone who uses broadband (not dsl)
| and doesnt have a phone line hooked up to their computer? I am a little
| new to the topic, any help would be appreciated.

Plaese elaboarte on what what you are trying to ask.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

David H. Lipman wrote:

> From: "spviking" <Smp928s@gmail.com>
>
> | Hi, Can modem hijacking happen to someone who uses broadband (not dsl)
> | and doesnt have a phone line hooked up to their computer? I am a little
> | new to the topic, any help would be appreciated.
>
> Plaese elaboarte on what what you are trying to ask.
>

I thought the OP was talking about downloading programs that then try to
place calls via your phone, i.e. highjacking the modem.

From: "Rick Merrill" <rick0.merrill@NOSPAM.gmail.com>

| David H. Lipman wrote:
|
>> From: "spviking" <Smp928s@gmail.com>
>>
|>> Hi, Can modem hijacking happen to someone who uses broadband (not dsl)
|>> and doesnt have a phone line hooked up to their computer? I am a little
|>> new to the topic, any help would be appreciated.
>>
>> Plaese elaboarte on what what you are trying to ask.
>>
| I thought the OP was talking about downloading programs that then try to
| place calls via your phone, i.e. highjacking the modem.

Maybe. But I thought it was unclear and I wanted to be sure before posting an answer.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

On Tue, 29 Aug 2006, in the Usenet newsgroup alt.computer.security, in article
<gsCdnf9BfeCvW2nZnZ2dnUVZ_t-dnZ2d@comcast.com>, Rick Merrill wrote:

>David H. Lipman wrote:
>
>> From: "spviking" <Smp928s@gmail.com>
>>
>>| Hi, Can modem hijacking happen to someone who uses broadband (not dsl)
>>| and doesnt have a phone line hooked up to their computer? I am a little
>>| new to the topic, any help would be appreciated.
>>
>> Plaese elaboarte on what what you are trying to ask.
>
>I thought the OP was talking about downloading programs that then try to
>place calls via your phone, i.e. highjacking the modem.

My interpretation was that the O/P was concerned about those wonky add-on
"tools" needed to connect to some web sites - that turn out to be mal-ware
that reconfigures the windoze Dial Up Networking setup to replace the
existing (presumably "local") phone number with one in Central Africa (or
some other "friendly" region) and suddenly the dial in to the ISP isn't
a local call any more, and the telephone bill is running $LARGE_NUMBER
of $CURRENCY_UNITS per second.

Where this _MIGHT_ impact a broadband user without a telephone line and
appropriate modem is if the "tool" reconfigures the networking setup,
trying to disable the broadband connection so that the system _has_ to
use the dialin to the foreign country. Not very likely, but possible.
The mal-ware actually should trivially detect that this is a broadband
connection (rather than dialin), and there are much better things it can
be subverted for.

What would be FAR more likely is the installed mal-ware converts this
broadband connected system into a support zombie - serving pr0n or SPAM
to the world at no cost or risk to the bad-guy. If something goes wrong,
the O/P takes the heat, and the bad-guy can't be found. What's new?

To the O/P: The mal-ware is going to go for the broadband connection (DSL
or Cable - doesn't matter) for the same reason you converted to broadband.
Bandwidth. Do you remember how long it took to bring up a single full
screen image from someplace on the net over a telephone line? With cable,
it comes up just like that! Now, think of the poor spammer trying to
deliver that marvelous offer of p*n*s ex**nder pills to every household in
Ohio using that same dialin line. Don't you think the spammer would rather
use your high speed connection to do the same task, especially when there
is no cost to the spammer, and you're the one people want to lynch?

Old guy

From: "Moe Trin" <ibuprofin@painkiller.example.tld>

| On Tue, 29 Aug 2006, in the Usenet newsgroup alt.computer.security, in article
| <gsCdnf9BfeCvW2nZnZ2dnUVZ_t-dnZ2d@comcast.com>, Rick Merrill wrote:
|
>> David H. Lipman wrote:
>>
>>> From: "spviking" <Smp928s@gmail.com>
>>>
>>|> Hi, Can modem hijacking happen to someone who uses broadband (not dsl)
>>|> and doesnt have a phone line hooked up to their computer? I am a little
>>|> new to the topic, any help would be appreciated.
>>>
>>> Plaese elaboarte on what what you are trying to ask.
>>
>> I thought the OP was talking about downloading programs that then try to
>> place calls via your phone, i.e. highjacking the modem.
|
| My interpretation was that the O/P was concerned about those wonky add-on
| "tools" needed to connect to some web sites - that turn out to be mal-ware
| that reconfigures the windoze Dial Up Networking setup to replace the
| existing (presumably "local") phone number with one in Central Africa (or
| some other "friendly" region) and suddenly the dial in to the ISP isn't
| a local call any more, and the telephone bill is running $LARGE_NUMBER
| of $CURRENCY_UNITS per second.
|
| Where this _MIGHT_ impact a broadband user without a telephone line and
| appropriate modem is if the "tool" reconfigures the networking setup,
| trying to disable the broadband connection so that the system _has_ to
| use the dialin to the foreign country. Not very likely, but possible.
| The mal-ware actually should trivially detect that this is a broadband
| connection (rather than dialin), and there are much better things it can
| be subverted for.
|
| What would be FAR more likely is the installed mal-ware converts this
| broadband connected system into a support zombie - serving pr0n or SPAM
| to the world at no cost or risk to the bad-guy. If something goes wrong,
| the O/P takes the heat, and the bad-guy can't be found. What's new?
|
| To the O/P: The mal-ware is going to go for the broadband connection (DSL
| or Cable - doesn't matter) for the same reason you converted to broadband.
| Bandwidth. Do you remember how long it took to bring up a single full
| screen image from someplace on the net over a telephone line? With cable,
| it comes up just like that! Now, think of the poor spammer trying to
| deliver that marvelous offer of p*n*s ex**nder pills to every household in
| Ohio using that same dialin line. Don't you think the spammer would rather
| use your high speed connection to do the same task, especially when there
| is no cost to the spammer, and you're the one people want to lynch?
|
| Old guy

Malware doesn't care what Internet connectivity you have. It just want's to launch its
payload which is often Internet related.

It is just that connection to Broadband increases the cahnce of being infected.

Malware will happily infect a DUN connected PC.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Yes Moe trin is correct this is what I was referring to. My Cousin uses
Time Warner's Road Runner here in New York and he got his recent
Verizon phone bill and found 600 dollars worth of calls to Cameroon,
Austria and Madagascar. The phone company told him it was likely modem
hijacking (what Moe Trin described). My cousin does not have his phone
line plugged into his computer at all and we cant figure out how this
malware could have effectively charged his phone bill. Sorry I was so
vague initially.

Thanks again!


David H. Lipman wrote:
> From: "Moe Trin" <ibuprofin@painkiller.example.tld>
>
> | On Tue, 29 Aug 2006, in the Usenet newsgroup alt.computer.security, in article
> | <gsCdnf9BfeCvW2nZnZ2dnUVZ_t-dnZ2d@comcast.com>, Rick Merrill wrote:
> |
> >> David H. Lipman wrote:
> >>
> >>> From: "spviking" <Smp928s@gmail.com>
> >>>
> >>|> Hi, Can modem hijacking happen to someone who uses broadband (not dsl)
> >>|> and doesnt have a phone line hooked up to their computer? I am a little
> >>|> new to the topic, any help would be appreciated.
> >>>
> >>> Plaese elaboarte on what what you are trying to ask.
> >>
> >> I thought the OP was talking about downloading programs that then try to
> >> place calls via your phone, i.e. highjacking the modem.
> |
> | My interpretation was that the O/P was concerned about those wonky add-on
> | "tools" needed to connect to some web sites - that turn out to be mal-ware
> | that reconfigures the windoze Dial Up Networking setup to replace the
> | existing (presumably "local") phone number with one in Central Africa (or
> | some other "friendly" region) and suddenly the dial in to the ISP isn't
> | a local call any more, and the telephone bill is running $LARGE_NUMBER
> | of $CURRENCY_UNITS per second.
> |
> | Where this _MIGHT_ impact a broadband user without a telephone line and
> | appropriate modem is if the "tool" reconfigures the networking setup,
> | trying to disable the broadband connection so that the system _has_ to
> | use the dialin to the foreign country. Not very likely, but possible.
> | The mal-ware actually should trivially detect that this is a broadband
> | connection (rather than dialin), and there are much better things it can
> | be subverted for.
> |
> | What would be FAR more likely is the installed mal-ware converts this
> | broadband connected system into a support zombie - serving pr0n or SPAM
> | to the world at no cost or risk to the bad-guy. If something goes wrong,
> | the O/P takes the heat, and the bad-guy can't be found. What's new?
> |
> | To the O/P: The mal-ware is going to go for the broadband connection (DSL
> | or Cable - doesn't matter) for the same reason you converted to broadband.
> | Bandwidth. Do you remember how long it took to bring up a single full
> | screen image from someplace on the net over a telephone line? With cable,
> | it comes up just like that! Now, think of the poor spammer trying to
> | deliver that marvelous offer of p*n*s ex**nder pills to every household in
> | Ohio using that same dialin line. Don't you think the spammer would rather
> | use your high speed connection to do the same task, especially when there
> | is no cost to the spammer, and you're the one people want to lynch?
> |
> | Old guy
>
> Malware doesn't care what Internet connectivity you have. It just want's to launch its
> payload which is often Internet related.
>
> It is just that connection to Broadband increases the cahnce of being infected.
>
> Malware will happily infect a DUN connected PC.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm

From: "spviking" <Smp928s@gmail.com>

| Yes Moe trin is correct this is what I was referring to. My Cousin uses
| Time Warner's Road Runner here in New York and he got his recent
| Verizon phone bill and found 600 dollars worth of calls to Cameroon,
| Austria and Madagascar. The phone company told him it was likely modem
| hijacking (what Moe Trin described). My cousin does not have his phone
| line plugged into his computer at all and we cant figure out how this
| malware could have effectively charged his phone bill. Sorry I was so
| vague initially.
|
| Thanks again!
|

Yes. There are Trojan Dialers out there that when installed on a computer will place 900 or
"off shore" phone calls to pay for services that can cost $40.00 US per phone call and make
numerous phone calls.

The term "modem hijacking" is non-standard.
Trojan Dialers is the terminology. Those that call 900 number porn content are known as
Porn Dialers.

Now in relation to your original post. Once infected by a Dialer it doesn't make a
difference if you are on Broadband or a Dial-Up (DUN) connection. However if you use DUN,
it will own dial out when you are not using the DUN connection. If you are on Broadband you
would need a traditional Plain Old Telephone System (POTS) modem (such as a FAX/modem).
Cable modems and DSL modems are not traditional modems and can't make telephobne calls.

Good article on Dialers.
http://anti-spyware-review.toptenrev...e-dialers.html

Now if a computer with Broadband has no POTS modem or it has one and NO telephone line is
connected to the modem then a Trojan Dialer is a Red Herring and look to people using the
telephone and not at malware on the PC.

HTH

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

On Wed, 30 Aug 2006 14:50:30 -0500, ibuprofin@painkiller.example.tld
(Moe Trin) wrote:
[excerpts]
>What would be FAR more likely is the installed mal-ware converts this
>broadband connected system into a support zombie - serving pr0n or SPAM
>to the world at no cost or risk to the bad-guy.

Obviously, from the context, 'pr0n' refers to p-orn-ography. What is
the rationale/explanation behind using this corrupted form.

Could it be because the correctly-spelled terms are picked-up by
filters?

> Now, think of the poor spammer trying to
>deliver that marvelous offer of p*n*s ex**nder pills to every household in

If the reason for omitting the obvious letters is anything more than
simply bypassing filters, let me suggest that one could be more
delicate- if not somewhat witty as well- by simply subsituting
something like, "male enhancement pills".
--
Email address invalid. Please reply to group. Thank you.

Inquirer <reply@group.thanks.invalid> writes:
> On Wed, 30 Aug 2006 14:50:30 -0500, ibuprofin@painkiller.example.tld
> (Moe Trin) wrote:
> [excerpts]
> >What would be FAR more likely is the installed mal-ware converts this
> >broadband connected system into a support zombie - serving pr0n or SPAM
> >to the world at no cost or risk to the bad-guy.
>
> Obviously, from the context, 'pr0n' refers to p-orn-ography. What is
> the rationale/explanation behind using this corrupted form.
>
> Could it be because the correctly-spelled terms are picked-up by
> filters?

http://en.wikipedia.org/wiki/Leet#Pr0n



--
Todd H.
http://www.toddh.net/

David H. Lipman wrote:

> From: "spviking" <Smp928s@gmail.com>
>
> | Yes Moe trin is correct this is what I was referring to. My Cousin uses
> | Time Warner's Road Runner here in New York and he got his recent
> | Verizon phone bill and found 600 dollars worth of calls to Cameroon,
> | Austria and Madagascar. The phone company told him it was likely modem
> | hijacking (what Moe Trin described). My cousin does not have his phone
> | line plugged into his computer at all and we cant figure out how this
> | malware could have effectively charged his phone bill. Sorry I was so
> | vague initially.
> |
> | Thanks again!
> |
>
> Yes. There are Trojan Dialers out there that when installed on a computer will place 900 or
> "off shore" phone calls to pay for services that can cost $40.00 US per phone call and make
> numerous phone calls.
>
> The term "modem hijacking" is non-standard.
> Trojan Dialers is the terminology. Those that call 900 number porn content are known as
> Porn Dialers.
>
> Now in relation to your original post. Once infected by a Dialer it doesn't make a
> difference if you are on Broadband or a Dial-Up (DUN) connection. However if you use DUN,
> it will own dial out when you are not using the DUN connection. If you are on Broadband you
> would need a traditional Plain Old Telephone System (POTS) modem (such as a FAX/modem).
> Cable modems and DSL modems are not traditional modems and can't make telephobne calls.
>
> Good article on Dialers.
> http://anti-spyware-review.toptenrev...e-dialers.html
>
> Now if a computer with Broadband has no POTS modem or it has one and NO telephone line is
> connected to the modem then a Trojan Dialer is a Red Herring and look to people using the
> telephone and not at malware on the PC.
>
> HTH
>

Are there Trojan dialers that have hijacked VoIP on a computer?

On 30 Aug 2006, in the Usenet newsgroup alt.computer.security, in article
<1156991077.174148.288980@74g2000cwt.googlegroups. com>, spviking wrote:

>Yes Moe trin is correct this is what I was referring to. My Cousin uses
>Time Warner's Road Runner here in New York and he got his recent
>Verizon phone bill and found 600 dollars worth of calls to Cameroon,
>Austria and Madagascar.

Let's stop here for a moment. Is this cable-modem? Your original post
said "someone who uses broadband (not dsl)", and unless you are somehow
using RR to also do the long distance telephone service, or VoIP, and there
is no telephone line connected to the computer, then Verizon should not be
involved.

>The phone company told him it was likely modem hijacking (what Moe Trin
>described). My cousin does not have his phone line plugged into his
>computer at all and we cant figure out how this malware could have
>effectively charged his phone bill.

Verizon appears to be assuming that you have a modem and telephone line
connected to it. If this is not the case, contest to charges, and
contact the state public utilities commission (or what-ever state
agency regulates the telephone companies).

Could this have been someone (perhaps a child) calling a 1-900 or 1-976
number?

Old guy

From: "Rick Merrill" <rick0.merrill@NOSPAM.gmail.com>


| Are there Trojan dialers that have hijacked VoIP on a computer?

Good question.

To date, I have not heard any malware using VoIP capabilities in exploitation or as a
payload.

I will have to ask around to some peers...

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

On Thu, 31 Aug 2006in the Usenet newsgroup alt.computer.security, in article
<9eIJg.5668$N84.4831@trnddc08>, David H. Lipman wrote:

>From: "Rick Merrill" <rick0.merrill@NOSPAM.gmail.com>

>| Are there Trojan dialers that have hijacked VoIP on a computer?
>
>Good question.
>
>To date, I have not heard any malware using VoIP capabilities in
>exploitation or as a payload.

This doesn't smell right. The internet connection the O/P is talking
about is from Road Runner. Why would Verizon be involved? Further, in
the unusual circumstance that Verizon does offer VoIP to Road Runner
customers, wouldn't this appear as a separate billable item on the
Verizon bill?

>I will have to ask around to some peers...

I don't see why hijacking couldn't take place - but the VoIP billing
should come from the VoIP provider, which I would expect to be the
ISP used in this case.

Old guy