Dialer Trojan (From Austria)

A

Anonymous

Hello everybody, I hope this message is at correct area / forum.

Just found out that people I know got nice extra to phone bill (€400).. It was caused by some sort of dialer trojan. By my information it called to: 004382088882017

The number +43-820-88882017 belongs according to the Austrian telecom regulator to a company named Interpay AG, Am Bühel 1, FL-9490 Mauren, Liechtenstein.

Please - Any information related on this would help me. Where it is from, is there any way to get my hands on who gets the money ? How is this trojan distributed ? Etc. Etc.

This trojan created few (x-rated) icons on desktop / cut current connection / changed default dial-in settings to point out that number..

The trojan was already cleaned before I got my hands on that computer so I did not get any first hand information..

I will add more info if I can find out.

- Janne Pekkala / Finland
 
(if something's written in blue it means that it contains a link you can reach by clicking on the blue writing)
Janne schrieb:
is there any way to get my hands on who gets the money ?
Zum Vergrößern anklicken....
If you are in Austria you could make a complaint at rtr.at, maybe here arbitration board (?) for Austrian Telecom Affairs (they seem to have an english version of their homepage - but it doesn't work).

If you just want to know something about the "very honourable companies" you are dealing with, it's easier to get someone who is able to understand German and read the following topic here: click on the blue writing and read here and the following postings, and if you are a bit into the topic later, come back and read this one...
The company who is the owner of the number is a partner to "Telekom Austria"...
In Germany we would call that "Stallgeruch", in English I'd put it like that: "They are all from the same stable" ;)

The company you have mentioned (Interpay AG) seems to belong to a kind of "holding" (Intertele Group), and they do not like to be mentioned in this forum here ;) So don't be surprised if someone is deleting some words in your posting ;)
see:
http://www.dialerschutz.de/aktuelles.php?action=output&id=203
Dialerschutz schrieb:
Indes bleiben auch nach der Presseerklärung der Newlines AG noch Fragen offen: Etwa die, warum eine aktualisierte Version des betreffenden Dialers weiterhin von einem Webserver aus dem Adressblock der Svenska Let to Phone heruntergeladen wird, und nun etliche Auslands- und Satellitenrufnummern verwendet. Darunter ist auch eine österreichische Mehrwertrufnummer +43-820-82018987, die laut Datenbank des österreichischen Regulierers durch die Interpay AG betrieben wird, einem Schwesterunternehmen der Newlines AG. Dialer müssen in Österreich seit 1. Oktober zwingend die Vorwahl 939 verwenden.
Zum Vergrößern anklicken....
(In Germany there have been cases in which - as the company involved declares - "somebody else" changed the dialer of that company. They made a press statement but I do not find an english version, so please read here in German:
http://www.finanznachrichten.de/nachrichten-2004-10/artikel-3993669.asp
or here:
http://forum.computerbetrug.de/viewtopic.php?t=7851
the statement above is from the makers of that forum here and they mention, that Dialers are used by a swedish company [with a horrible reputation in my opinion] and that they use a.o. Austrian Premium Rates NUmbers belonging to "Interpay AG")

The most important information for you may be, that it is not allowed to use numbers not beginning with "939" for internet billing in Austria from October, 1st 2004 on!
If you need more assistance, I'd need more information first ;)

I would take your story and get in touch with the ORF (Austrian Broadcasting), they have some stories about Preium Rate Services at the moment.

see:
http://help.orf.at/?area=kontakt

Best wishes to you
aka
 
Thanks for that information you provided. It seems like we got the Finlands police interested about this and what you wrote can be very usefull..

- Janne Pekkala / Finland
 
Zurück
Oben