Parasite: MasterDialer

This record last updated Tue Sep 20 2005 00:34:15

PLEASE NOTE: Due to the overwhelming extent of this problem and the unbelievable volume of email we have received, we regret that we cannot respond to questions about browser parasites at this time. If you have attempted to contact us about this parasite please accept our apology for not responding. "Thank you's" are always appreciated ;-)

Description

An ActiveX installer control for premium-rate phone diallers.

Variants

MasterDialer/AXDownload: installs AXDownload.dll; MasterDialer/WebInstall: installs webinstall.ocx; MasterDialer/WebUpdate: install webupdate.ocx.

Also known as

MasterConnector.

Distribution

Installed by ActiveX drive-by-download on a pop-up window that imitates a Windows software installation dialogue, from web pages operated by Firstway Medien GmbH and COMFIX newMedia.

The software may claim to be a webcam viewer, chat program or eDonkey, depending on the site.

What it does

Advertising

No.

Privacy violation

No.

Security issues

Yes. Any web page can direct it to install any executable code.

To work, the control needs a ‘key’ parameter, which theoretically only its owners can generate, to authorise the installation of code from a particular URL. However this key looks weak (it seems to be an ad hoc checksum rather than a proper cryptographic signature), so it’s probably possible for any web page at all to install whatever code it likes.

Stability problems

No.

Removal

Open the Downloaded Program Files folder inside the Windows folder, and delete the control called ‘Main class’ (AXDownload), ‘WebInstall’ or ‘WebUpdate’.