On Sun, 19 Oct 2003 15:17:33 -0400, BoB <me@privacy.net> wrote:

>Noticed this msg in another NG today.
>______________________________
>quote
>I wanted the latest version of Winzip and Googled accordingly.
>Received a list of sites and went for the "Free Downloads".
>Got to a site called 1000downloads.co.uk
>Clicked on 'download Winzip9'.
>
>My internet connection to my ISP was immediately terminated and was
>reconnected to a new one with the premium number of 09097927979.
>There was even a new entry in my Dial Up Networking folder and a
>shortcut on my desktop.
>
>There was no indication of their call charges but at say, £1 per
>minute, a thirty minute "free download" could be quite expensive.
>I feel that an inexperienced user could be seriously conned.
>end quote
>___________________
>
>Someone mentioned megadownloads.com was a place to stay away from
>and that they do show at the top of the site that they are a pay
>site, 1.5 euros per minute, dialer - but in small letters.
>
>Neither megadownloads nor 1000downloads are presently listed in
>either my 126k or 581k HOSTS file. Neither are listed in IE-SpyAd
>for the IE restricted sites list. Shouldn't they be or is this just
>"surfer beware"?
>
>BoB
>For the duration of Swen, my address is inoperative.

It is a dialer/hijacker called WebTelecom. There are so many of these
things that's it's hard to keep the names straight, so I don't know if
SpyBot or Ad-Aware identify it. I will send them a submission. In the
meantime, make sure that you do not pay those charges and inform the
phone company of the situation. If you need help removing the dialer,
post back here.

Yes, it's a case of "surfer beware". Your other options are to take
legal action against the site and maker of the trojan or push for
legislation against this stuff.

If you're more concerned about the here-and-now, the best thing you
can do to enhance your security is to use another browser -- anything
but Internet Explorer; that puts virtually all the dialers and
hijackers to bed. Add www.megadownloads, 1000downloads.co.uk, and also
the following line to your HOSTS file:

127.0.0.1 www.sponsoradulto.com

Forget about using Spyad -- it provides no appreciable security, since
it mostly duplicates (but does not block) what's already on HOSTS
anyway.

Sponge
Sponge's Secure Solutions
www.geocities.com/yosponge
My new email: yosponge2 et yahoo dot com