WebTV/MSNTV Virus Dials 911

Semji Rkim writes: "Though not the first virus to direct modems at 911, ABC News is reporting a bug in WebTV (Now branded as MSNTV) units which causes the infected unit to hang-up and dial 911. The virus spreads via email and Microsoft officials are looking into how it is able to replicate and also control the modem. Affected users are advised to delete the email and call Microsoft at 1-800-469-3288."

How much longer until 1-900?

[magicsquid]

How much longer will it be before unscrupulous 900 number operators enlist people to alter this virus to make it dial their numbers? Given that it takes a month to get a phone bill, the culprits can close up shop and move on long before anyone even realizes there is a probem...

Re:How much longer until 1-900?

[brain-in-a-box]

In Germany there is already a huge problem with dialer programs which try to sneak themselves into your system and replace your default dial-up connection with an expensive 0198 etc numbers. There were programs which caused 200 Euro to be charged per dial-in.
However these program come as some kind of trojan, usually springing up some "accept box" (only on install). However, these boxes often don't say that an expensive connection will be created - sometimes they even claim to be a "screensaver update"

Re:This is serious

[Henry+V+.009]

Under the new hacking legislation reported in slashdot earlier, could this make the creator liable for the death penalty?

Why not...

[curunir]

...just have the MSNTV units call the 1-800-469-3288 number directly.

Why don't the people who write viruses ever have a sense of humor?

Its very simple to do this...

[Critical_]

I don't know the exact in's-and-out's of the webtv e-mail system but back in the BBS days, we used to send each other (amongst friends) DOS TSR's that would be disguised as a trusted executable file for a legit program. The person would run it and hang up their modem used ATH0. And dial out numbers using ATDT. To get rid of it, they would have to reboot using a bootdisk since the TSR would be in their autoexec.bat file. Anyway, the point is that this method of modem-"hacking" is very easy to do and shouldn't be tough to adapt for the modern day webtv.

A part of me actually finds the idea of Microsoft being held liable for the 911 calls pretty amusing. But the reality is that it costs money and unfortunately it could cost lives. I hope all of you people make sure to tell your moms/dads/grandparents/spouses/friends/etc. to disconnect their boxes from the phones lines.

Re:This is serious

[murphj]

Quoted from parent's link:

The patent was a "submarine" patent -- that is, one that issues long after others in the industry have begun using the same technique or technology ... The patent involved the timing of the escape sequence: The characters "+++" followed by a 1-second pause. To get around the patent, some modem vendors simply eliminated the pause, so that the sequence +++AT would bring the modem back to command mode in all cases.

It's interesting that the only reason this works is that Hayes pulled the same trick Forgent is trying with JPEG.

Re:ATH0

[toastyman]

What's really amusing....

Back when this was first "discovered", I was one of the people on Bugtraq discussing how this could be exploited.

I very stupidly posted what I typed to knock myself off, with my real nickname included: //raw NOTICE ToastyMan : $+ $chr(1) $+ PING +++ATH0 $+ $chr(1)

For the longest time, I couldn't sign on IRC on any major network without someone actually typing that verbatim, and sending that to me.

In the past couple of years I've received thousands of those. Kinda funny. :)