Site hosted by Build your free website today!

A nasty new scam uncovered


At least two different adult sites have been found to use an extremely aggressive and devious method to attempt to infiltrate the systems of those who use Microsoft's Internet Explorer. By using a combination of Javascript (referred to by Microsoft as Activescript) and ActiveX controls (not to be confused with Activescript) the site can, depending on your ActiveX options, cause your browser to download AND open a dialer program without your explicit permission. These dialers, as explained elsewhere at this site, replace your normal ISP's number with that of an overseas or 1-900 number, with stratospheric call-rates of $7 per minute and over.

Furthermore, while the program eventually presents a window with small print asking confirmation (no doubt the programmers were mindful of legal issues), by this stage it has already silently and stealthily performed three nasty actions. The first is to copy the dialer's EXE file to your c:\windows\desktop directory (folder). It then inserts clickable links to this EXE file by adding 2 icons called 'RatedXXX', one on your desktop, the other in your Start menu (the Start menu is not to be confused with your Start-up folder). Both are easily killed with a Right-click and Delete.

While disabling Javascript/Activescript can in this particular case prevent the scam, I recommend disabling ActiveX as well, while surfing adult sites, by the following method (assuming IE version 5.x).

1/ Select Tools -> Internet Options -> Security -> Custom Level

2/ Select 'Disable' for the first 5 items, which should correspond to these:

   'Download signed ActiveX controls'
   'Download unsigned ActiveX controls'
   'Initialize and script ActiveX controls not marked as safe'
   'Run ActiveX controls and plug-ins'
   'Script ActiveX controls marked safe for scripting'

Note  - You can select 'Prompt' instead of 'Disable' for these options, which will pop-up a Yes/No permission window each time the website attempts an ActiveX function. This might be preferable if you surf non-adult sites at the same time as adult sites. ActiveX is often used by non-adult sites for Flash animation, among other effects.

3/ Click OK for the 2 windows.


Footnote 1 - Should you ever see a window similar to that below while at an adult site (which in the case above is merely the 'front-end loader' for the dialer EXE file, which you would only see if your ActiveX options are set to 'Prompt' instead of 'Enable', and is not the same as the confirmation window mentioned above), I strongly advise you click 'No' and NOT proceed with the installation, despite the claims in the window that "XYZ asserts that the content is safe"

Note the 'Security Warning' in the title bar at top.
Window shown at reduced size.

(Thanks to z for pointing out this scam)

Footnote 2 - Some dialers and so-called adult 'Browser Enhancements' which have downloaded and installed themselves in Internet Explorer as ActiveX controls may show up by this method:

1/ Select Tools -> Internet Options -> Settings -> View Objects

2/ Select View -> Details

3/ Double click each item in the Program File column. Be suspicious if you see the word 'dialer' in one of the fields of the General tab, or if there are very few or no details in the fields of the Version tab.

For details on deleting an ActiveX control, click here

- The company whose name appears in the dialog box asserting that "the contents are safe" (Niteline Media) seem to have had a slight run-in with the FTC a few years ago. Click here and here  for details.