Last month, Durban entrepreneur, Tracey Collier, was shocked to find her phone bill dotted with phone calls to Samoa, on occasions when she believed she was dialing out to a local internet service provider.
The culprit was a “rogue dialler” — a spyware variant that surreptitiously loads itself onto your hard drive and changes the default dial-up settings that allow you to connect to the internet. The software then mutes the modem’s speaker so you can’t hear the subsequent dial-out sequence that connects your computer to premium numbers around the globe. Some of the numbers offer limited internet access, misleading you into believing that you’re just having a bad dial-up day.
“Suddenly we had a slow connection — and it drove us nuts,” says Collier.
“Out of desperation I phoned M-Web. They told me to delete the old connection and make a new connection, and everything was back to normal.”
That was until she received her phone bill, with over a thousand rands’ worth of phone calls to the South Pacific island, averaging around R8 a minute. Now Collier is asking why Telkom isn’t protecting, or at least warning, its customers about this costly phenomenon.
“How long have they known about this? And who is profiting from it?” asked Collier.
Telkom spokesperson, Roshelle Pillay, said that although the operator had noted “random and isolated” cases such as Collier’s, “it has not emerged as a trend”.
“Sometimes, the existing call into the ISP is disconnected and a new call is launched from the PC via the modem to an international number without the customer being aware of this,” said Pillay.
“Customers using the internet should always read the terms and conditions of websites before accessing information; they need to also be aware that some sites re-route calls to operators that charge higher rates in order to make money.”
Pillay said Telkom could only offer a product, BlockCall Plus, at the customer’s expense, to block some or all international calls.
“The company cannot restrict the use of the internet, nor prescribe what international destinations can or cannot be dialled,” she said.
Telkom’s response will offer little comfort to South Africa’s dial-up users, who number over one million.
Public pressure has prompted international telecommunications companies and regulators to take active steps against the scammers, who usually place the software on pornography and illegal music download sites.
Ireland’s Commission for Communications Regulation has given telecommunications operators in the country until Monday next week to block direct calls to thirteen countries — most of them in the South Pacific islands — after receiving hundreds of complaints from consumers who were affected by the rogue dialers, reported the French news agency AFP.
British telecommunications company BT has also reportedly blocked hundreds of numbers commonly used by the scammers.
M-Web spokesperson, Andre Retief, said the company has not sent out any specific alerts on the threat to its quarter million dial-up subscribers. “We’re not going to send out a general panic alert to 250 000 people, because the reality is that this is one incident. I know of no other at this point in time.”
He said their technical staff were “well-equipped” to deal with the problem on a case-by-case basis.
Retief said spyware loads itself into “the heart of somebody’s machine”, the system registry, making the removal process complicated and sometimes damaging.
“Yes we want to help the person, but we don’t want to take responsibility for them downloading an application that we say has all the bells and the whistles, fixes their malicious intent problems but breaks a few other applications on the machine.”
According to Retief, his company will soon introduce a web-based scanner which will identify spyware threats, and then direct users to appropriate software to solve the problem.
South African internet law expert, Reinhardt Buys, said in most cases neither the telecommunications provider nor the ISP is legally liable for costs incurred by rogue dialers.
“If an end user applies for a telephone line or internet access, he or she generally agrees to certain terms and conditions. These generally include provisions that the service provider will not be liable for damages related to the use of the service,” said Buys.
He said ISPs are also legally protected by the Electronic Communications and Transactions (ECT) Act. According to Section 78, said Buys, “there is no general legal obligation on an ISP to actively seek evidence of unlawful activity”.
However, ISPs may have to take a more active role in the future.
“The Department of Communications recently issued the proposed regulations that will govern the limited liability of ISPs for public comment. These regulations contain many provisions that seem to indicate that an ISP does have a duty to warn and inform its clients about risks such as rogue dialers,” said Buys.
Webmaster for the Internet Service Providers Association, Bretton Vine, said the association, which represents more than 82 South African ISPs, is aware of “similar problems around the world”.
“Many members already try and educate clients on the value of installing anti-virus software and using tools such as Spybot or Adaware to remove spyware, malware, adware and other programs such as dialers.”
“A search at http://www.google.com for ‘spyware removal’ will generate a lot of results to programs [commercial and free] which can improve the security of a user’s computer.”
“Regular updating of antivirus databases and installing operating system updates is essential too.”
Users should also check their dial-up settings to ensure their ISP phone number hasn’t been changed by the malicious software.
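An added example, not part of the original article: a Python check of dial-up phonebook entries for the two changes described above, a replaced ISP number and a muted modem speaker. It assumes the INI-style layout of a Windows RAS phonebook (rasphone.pbk) with `PhoneNumber` and `Speaker` keys; the sample entries, numbers and function names are constructed for illustration.

```python
import re

# Constructed sample in the INI-like layout of a Windows RAS phonebook
# (rasphone.pbk); entry names and numbers are made up for illustration.
SAMPLE_PBK = """\
[My ISP]
PhoneNumber=0860123456
Speaker=1
[Fast Connect]
PhoneNumber=00685123456
Speaker=0
"""

def parse_phonebook(text):
    """Return {entry: [(key, value), ...]}; keys may repeat within an entry."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = entries.setdefault(line[1:-1], [])
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current.append((key.strip(), value.strip()))
    return entries

def normalise(number):
    """Drop spaces, dashes and brackets so equal numbers compare equal."""
    return re.sub(r"[^\d+]", "", number)

def audit(text, expected_numbers, intl_prefixes=("00", "+")):
    """List (entry, finding) pairs for settings a rogue dialler would change."""
    # Assumptions: key names as above, Speaker=0 means muted, and the
    # international prefixes given; adjust all three for your system.
    allowed = {normalise(n) for n in expected_numbers}
    findings = []
    for entry, pairs in parse_phonebook(text).items():
        for key, value in pairs:
            if key == "PhoneNumber" and value:
                number = normalise(value)
                if number not in allowed:
                    findings.append((entry, f"unexpected number {number}"))
                if number.startswith(tuple(intl_prefixes)):
                    findings.append((entry, f"international number {number}"))
            elif key == "Speaker" and value == "0":
                findings.append((entry, "modem speaker muted"))
    return findings

if __name__ == "__main__":
    for entry, finding in audit(SAMPLE_PBK, ["0860 123 456"]):
        print(f"{entry}: {finding}")
```

Pass the number your ISP actually gave you as `expected_numbers`; any entry that dials something else is reported even when it is not an international number.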