Dialer.DialPlatform


Updated: February 13, 2007 11:37:34 AM
Type: Dialer
Risk Impact: High
File Names: Loader.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


CGI scripts that are found on some pornographic Web sites call Dialer.DialPlatform.

If you go to these sites, the dialer will immediately run and use the modem to dial a high-cost number, which gives access to pornographic material.


When Dialer.DialPlatform is installed, it does the following:
  1. Creates the following files:
    • %Windir%\system\Loader.dll
    • %UserProfile%\Local Settings\Temp\[random eight letter name].exe

      Note:
    • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).

  2. Creates the registry subkeys:

    HKEY_LOCAL_MACHINE\Software\PTSSA
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E246FAE-8420-11D9-870D-000C2917DE7F}
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2E246FAE-8420-11D9-870D-000C2917DE7F}
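
The file and registry locations listed above can be checked on a host with a short PowerShell function. This is an added example, not part of the original write-up: the function name, parameters, and confidence labels are assumptions, and the InprocServer32 lookup assumes the CLSID is registered as an ordinary in-process COM server.

```powershell
# Added example: checks a host for the file and registry locations listed above.
function Test-DialPlatformIndicators {
    [CmdletBinding()]
    param(
        # Overridable so the file checks can target a mounted disk image (assumption).
        [string]$WindowsDir = $env:windir,
        [string]$TempDir    = (Join-Path $env:USERPROFILE 'Local Settings\Temp')
    )
    $clsid   = '{2E246FAE-8420-11D9-870D-000C2917DE7F}'
    $regKeys = @(
        'HKLM:\Software\PTSSA',
        "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
        "HKLM:\Software\Classes\CLSID\$clsid"
    )
    foreach ($key in $regKeys) {
        if (Test-Path -LiteralPath $key) {
            [pscustomobject]@{ Kind = 'RegistryKey'; Path = $key; Confidence = 'High'; Detail = '' }
        }
    }
    # Assumption: the CLSID is an in-process COM server, so InprocServer32 names its DLL.
    $inproc = "HKLM:\Software\Classes\CLSID\$clsid\InprocServer32"
    if (Test-Path -LiteralPath $inproc) {
        $dll = (Get-ItemProperty -LiteralPath $inproc).'(default)'
        [pscustomobject]@{ Kind = 'BhoModule'; Path = $inproc; Confidence = 'High'; Detail = "Points to: $dll" }
    }
    # Loader.dll is a generic name, so a hit here needs corroboration from the keys above.
    $loader = Join-Path $WindowsDir 'system\Loader.dll'
    if (Test-Path -LiteralPath $loader) {
        $item = Get-Item -LiteralPath $loader
        [pscustomobject]@{ Kind = 'File'; Path = $loader; Confidence = 'Medium'
                           Detail = "Modified $($item.LastWriteTime.ToString('u'))" }
    }
    # An eight-letter .exe name in Temp is not distinctive on its own: triage lead only.
    if (Test-Path -LiteralPath $TempDir) {
        Get-ChildItem -LiteralPath $TempDir -Filter '*.exe' -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $_.Name -match '^[a-z]{8}\.exe$' } |
            ForEach-Object {
                [pscustomobject]@{ Kind = 'TempExe'; Path = $_.FullName; Confidence = 'Low'
                                   Detail = "Modified $($_.LastWriteTime.ToString('u'))" }
            }
    }
}

# An empty result means none of the listed locations exist on this host.
Test-DialPlatformIndicators | Sort-Object Kind | Format-Table -AutoSize -Wrap
```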

