This is forwarded from another board but covers the details of what you have
probably encountered.

-----Original Message-----
From: Tito C [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 23, 2000 02:59
To: [EMAIL PROTECTED]
Subject: Re: Aureate Spies on You


As soon as I got this email I checked it on my system. I have installed 3 of
the offending applications (calypso email, cuteftp, 3d-ftp) and I have found
some of the .dll's installed on my system too.
I started checking and sure enough, as soon as I opened my browser I checked
netstat and I got this connection established:

Connection Information
IP:216.37.13.140
Hostname:ad2-1.aureate.com
Local Port:2651
Remote Port: 1975
Protocol:TCP
Status Code:Established
Status Description: Connection has been established, connection is active

What got my attention was that the port changes from the one specified in
Dale Haag's original email.

===============================================
||                                      Tito_C
||
||                                 www.hven.com.ve
||
||                               [EMAIL PROTECTED]
||
||  PGP Key ID: 0x6DD1A00F
||
===============================================

*********** REPLY SEPARATOR  ***********

On 23/02/2000 at 09:14 AM MJE wrote:

>Forwarded from another list -- anyone know about this Aureate spying stuff?
>Be sure to check the list of apps that allegedly contain this code -- it's
>at the bottom of the message.
>
>MJE
>
>
>
>> -----Original Message-----
>> From: Edward (Ted) Burton [mailto:[EMAIL PROTECTED]]
>> Sent: Monday, February 21, 2000 2:02 PM
>> To: Lawyers and the Internet
>> Cc: Craighead, Paula
>> Subject: [NET-LAWYERS] Aureate Spy
>>
>>
>> While I am not a Windows user, the following information has popped
>> up on the LawTech list and is of some interest to attorneys who wish
>> to not leave a paper trail out there on the Internet for commercial
>> use by others.
>>
>> According to Dale Haag,  <[EMAIL PROTECTED]>
>>
>> The following is a listing of all software known to install the
>> Aureate spy on your system. The Aureate spy keeps track of your
>> Internet activities and sends a report to Aureate every time you open
>> your browser. The Aureate spy places the following files on a Windows
>> machine. [It is not known, yet, to affect Macintosh or Linux
>> machines.]
>>
>> The installed files are some or all of:
>>
>> adimage.dll
>> advert.dll
>> advpack.dll
>> amcis.dll
>> amcis2.dll
>> amcompat.tlb
>> amstream.dll
>> anadsc.ocx
>> anadscb.ocx
>> htmdeng.exe
>> ipcclient.dll
>> msipcsv.exe
>> tfde.dll
>>
>>
>> ========== ========== ========== ==========
>> Dale said:
>>
>> OK folks, living up to my reputation as a "bulldog" when I get my
>> teeth into something, I have been busy "reviewing" the contents and
>> code contained in the DLL's that Aureate makes use of.  Here are a
>> few of my findings up to this point:
>>
>> advert.dll
>> =======
>>
>> This DLL creates a hidden window every time you open your browser. It
>> creates and sends 4 pages of information to the Aureate servers using
>> port 1749 on your system, these pages include:
>>
>> 1. Your name as listed in the system registry ( not the name you
>> installed one of the programs with )
>> 2. Your IP address
>> 3. The reverse DNS match of your address. ( tells them what ISP and
>> area of country you are in )
>> 4. A listing of ALL software that is shown in your registry as being
>> installed. ( Not just the companies they work with )
>> 5. This DLL sends the following information to their server on all
>> URL's you visit:
>>      A.) ad banners you may click on
>>      B.) all downloads you do showing the filename/file
>>          size/date/time/type of file (image, zip, executable, etc)
>>      C.) full time and date stamps of all your actions while
>>          using your browser
>>      D.) the remote dialup number you are dialing in on (taken out of
>>          your dialer configuration)
>>      E.) dialup password if saved, does not "appear" at first glance
>>          to send this through to them.
>> 6. Contains programmers note: "Show me the money! I want to
>> be Mike!"
>>
>>
>> advpack.dll
>> =========
>>
>> Used during the installation only to check for other needed files.
>>
>>
>> amcis.dll
>> =======
>>
>> This DLL modifies the following registry keys:
>>     1. HKEY_CURRENT_CONFIG
>>     2. HKEY_DYN_DATA
>>     3. HKEY_PERFORMANCE_DATA
>>     4. HKEY_USERS
>>     5. HKEY_LOCAL_MACHINE
>>     6. HKEY_CURRENT_USER
>>     7. HKEY_CLASSES_ROOT
>>
>> Unregisters oleaut32.dll from memory as provided by M$oft and
>> replaces with its own calls. Switches back to M$oft's when browser is
>> closed. Creates stub processes to be started anytime your browser is
>> opened.
>>
>>
>> amcompat.tlb
>> ===========
>>
>> This guy tracks any multimedia clips ( video/pictures/sound ) that
>> you view. It tracks the rating level on the video/picture/sound and
>> title / location. Contains references to DblClick ( still digging on
>> this one! )
>>
>>
>> amstream.dll
>> ==========
>>
>> Sets up TWO way communications between your system and theirs.
>> Used to send info and receive update commands/files.
>> Opens port 1749 for communications.
>>
>> ==================================================
>>
>> The programs that are known to install the Aureate spy are:
>>
>> 123Search
>> 3d Anarchy
>> 3D-FTP
>> 3rd block
>> Abe's FTP Client
>> Abe's Image Viewer
>> Abe's MP3 Finder
>> Abe's Picture Finder
>> Abe's SMB Client
>> Access Diver III
>> Acorn Email
>> AcqURL
>> ActionOutline Light 1.6
>> Active 'Net
>> Add URL
>> Add/Remove Plus!
>> Address Rover 98
>> Admiral VirusScanner
>> Advanced Call Center
>> Advanced Maillist Verify
>> AdWizard
>> Alive and Kicking
>> alphaScape QuickPaste
>> ASP1-A3
>> Auction Explorer
>> Aureate Group Mail
>> Aureate SpamKiller
>> AutoFTP PRO
>> AutoWeb
>> AxelCD
>> Beatle
>> Binary Boy
>> BinaryVortex
>> Blue Engine
>> BookSmith : Original
>> buddyPhone 2
>> Calypso E-mail
>> CamGrab
>> Capture Express 2000
>> Cascoly Screensaver
>> CDDB-Reader
>> CDMaster32
>> ChanStat
>> Charity Banner
>> Cheat Machine
>> Check4New
>> ChinMail
>> Clabra clipboard viewer
>> Classic Peg Solitaire
>> ComTry Music Downloader
>> Crystal FTP
>> CSE HTML Validator Lite
>> CuteFTP 3.0
>> CuteFTP 3.0
>> CuteFTP/Tripod
>> CuteMX
>> CutePage
>> Danzig Pref Engine
>> DateTime
>> Delphi Component Test
>> Delphi Tester
>> Dialer 2000
>> DigiBand NewsWatch
>> DigiCams - The WebCam Viewer
>> Digital Postman
>> DirectUpdate
>> DL-Mail Pro 2000
>> DNScape
>> Doorbell 1.18
>> Download Minder 1.5
>> Download Wonder
>> DownLoader v.1.1
>> Dwyco Video Conferencing
>> EasySeeker
>> EmmaSoft ChatCat
>> EmmaSoft dBrow
>> EmmaSoft KeepLan
>> EmmaSoft Soundz
>> EnvoyMail
>> EZ-Forms FREE
>> File Mag-Net
>> FileSplit
>> Folder Guard Jr.
>> FourTimes
>> Free Picture Harvester
>> Free Solitaire
>> Free Spades
>> Free Submitter Pro
>> FreeImageEditor
>> FreeIRC
>> FreeNotePad
>> FreeSite
>> FreeWebBrowser
>> FreeWebMail
>> FreeZip!
>> FTPEditor
>> GetRight
>> Go!Zilla
>> Go!Zilla WebAttack
>> GovernMail
>> Grafula
>> Gunther's PasswordSentry
>> HangWeb
>> hesci Private Label
>> HTML Translator
>> HTTP Proxy-Spy
>> Huey v1.8 Color Picker
>> Iban Technologies IP Tools 3.1
>> Idyle GimmIP
>> Idyle GimmIP
>> iFind Graphics
>> imageN
>> Infinite Patience
>> InfoBlast
>> InnovaClub
>> InstallZIP
>> Internet Tree
>> Internetrix
>> InterWebWord Companion
>> JetCar
>> JFK Research
>> jIRC
>> JOC Email Checker
>> JOC Web Finder
>> JOC Web Spider
>> KVT Diplom
>> LapLink FTP
>> LineSoft Download
>> LOL Chat
>> LOL Chat
>> Mail Them
>> Meracl FontMap
>> Meracl ImageMap Generator
>> Midnight Oil Solitaire
>> MirNik Internet Finder
>> More Space 99
>> MouseAssist
>> MP3 Album Finder
>> MP3 Fiend
>> MP3 Grouppie
>> MP3 Mag-Net
>> MP3 Renamer
>> Mp3 Stream Recorder
>> MP3INFO-Editor
>> MultiSender
>> Music Genie
>> MX Inspector BIG AD
>> My Genie Patriots
>> My Genie SE
>> My GetRight
>> NeatFTP
>> Net CB
>> Net Scan 2000
>> Net Vampire
>> Net-A-Car Feature Car Screensaver
>> NetAnts
>> NetBoard
>> Netbus Pro 2.10
>> NetCaptor 5.0
>> Netman Downloader
>> NetNak
>> NetSuck 3.10.5
>> NetTime Thingy
>> Network Assistant
>> NeuroStock
>> NewsBin
>> NewsShark
>> NewsWire
>> NfoNak
>> NotePads+
>> Notificator 1.0b
>> Octopus
>> Pattern Book
>> People Seek 98
>> Personal Search Agent
>> Photocopier
>> PicPluck
>> Pictures In News
>> Ping Thingy
>> PingMaster
>> Planet.Billboard
>> Planet.MP3Find
>> PMS
>> ProtectX 3
>> ProxyChecker
>> QuadSucker/Web
>> Quadzle Puzzles
>> QuikLink Autobot
>> QuikLink Explorer
>> QuikLink Explorer Gold Edition
>> QuoteWatch
>> QWallet
>> Real Estate Web Site Creator
>> Recipe Review
>> ReGet 1.6
>> Resume Detective
>> RingSurf
>> RoboCam 1.10
>> Rosemary's Weird Web World
>> SaberQuest Page Burner
>> SBJV
>> SBWcc
>> Scout's Game
>> ScreenFIRE
>> ScreenFIRE - FileKing
>> ScreenFlavors
>> Sea Battle
>> Shizzam
>> Simple Submit
>> SimpleFind
>> SimpleSubmit v1.0
>> SK-111
>> Smart 'n Sticky
>> SmartBoard 200 FREE Edition
>> SmartSum calculator
>> SonicMail
>> Sound Agent
>> Space Central Screen Saver
>> Splash! Siterave
>> StartDrive
>> Static FTP
>> StockBrowser
>> Subscriber
>> SunEdit 2K
>> SuperIDE
>> Sweep
>> SweepsWinner
>> Text Transmogrifier
>> The Mapper
>> TheNet
>> TI-FindMail
>> TIFNY
>> Total Finger
>> Total Whois
>> Tracking The Eye
>> Trade Site Creator
>> TWinExplorer Standard
>> TypeWriter 1.0
>> UK Phone Codes
>> Vagabond's Realm
>> VeriMP3
>> Vertigo QSearch
>> Virtual Access
>> Visual Cyberadio
>> Visual Surfer
>> VOG Backgammon Main
>> VOG Backgammon Table
>> VOG Chess Main
>> VOG Chess Table
>> VOG Reversi Main
>> VOG Reversi Table
>> VOG Shell
>> VOG Shell
>> VOG Shell History
>> W3Filer
>> Web Coupon
>> Web Page Authoring Software
>> Web Registrant PRO
>> Web Resume
>> Web SurfACE
>> WEB2SMS
>> WebCamVCR
>> WebCopier
>> Web-N-Force
>> WebSaver
>> Website Manager
>> WebStripper
>> WebType
>> WhoIs Thingy
>> Win A Lotto
>> WinEdit 2000
>> Word+
>> Wordwright
>> WorldChat Client
>> Worm
>> www.devgames.com
>> xBlock
>> Your ESP Test
>> Zion
>> Zip Express 2000
>>
>> _________________________________________
>> List Owner:  Lewis Rose, [EMAIL PROTECTED]
>> Web Site:  http://www.net-lawyers.org
>> Archives: http://eva.dc.lsoft.com/Archives/net-lawyers.html
>>
>
>_____________________________________________________________________
>** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
>** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
>SEND ALL COMMANDS TO: [EMAIL PROTECTED]
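
An added example, not part of the forwarded messages: a triage sketch that applies the two indicators reported in the thread (the listed filenames, and a connection to a host under aureate.com) and treats the remote port as a weak signal, because the thread reports two different port numbers. The `netstat` text layout, the sample input and all function names are assumptions made for illustration.

```python
import re

# Filenames listed in the forwarded message as installed by the Aureate component.
LISTED_FILES = {
    "adimage.dll", "advert.dll", "advpack.dll", "amcis.dll", "amcis2.dll",
    "amcompat.tlb", "amstream.dll", "anadsc.ocx", "anadscb.ocx",
    "htmdeng.exe", "ipcclient.dll", "msipcsv.exe", "tfde.dll",
}
VENDOR_DOMAIN = "aureate.com"   # domain of the hostname in Tito C's netstat report
REPORTED_PORTS = {1749, 1975}   # 1749 from Dale Haag's notes, 1975 seen by Tito C

# Constructed sample input (not captured from a real machine).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address          State
  TCP    workstation:2651       ad2-1.aureate.com:1975   ESTABLISHED
  TCP    workstation:2652       www.example.org:80       ESTABLISHED
  TCP    workstation:2660       mail.example.net:1749    TIME_WAIT
  TCP    workstation:2661       notaureate.com:80        ESTABLISHED
"""
SAMPLE_DIR = ["ADVERT.DLL", "kernel32.dll", "Amcis2.dll", "user32.dll", "tfde.dll.bak"]

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$", re.I)

def flag_connections(netstat_text):
    """Return (remote_host, remote_port, reasons) for rows matching an indicator."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or blank line
        host, port = m.group(3).lower().rstrip("."), int(m.group(4))
        reasons = []
        # Match the domain on a label boundary so "notaureate.com" is not flagged.
        if host == VENDOR_DOMAIN or host.endswith("." + VENDOR_DOMAIN):
            reasons.append("host")
        if port in REPORTED_PORTS:
            reasons.append("port")
        if reasons:
            findings.append((host, port, reasons))
    return findings

def flag_files(names):
    """Case-insensitive exact filename match against the listed files."""
    return sorted(n for n in names if n.lower() in LISTED_FILES)

if __name__ == "__main__":
    for host, port, reasons in flag_connections(SAMPLE_NETSTAT):
        strength = "strong" if "host" in reasons else "weak (port only)"
        print(f"{host}:{port} matched {reasons} -> {strength}")
    print("listed filenames present:", flag_files(SAMPLE_DIR))
```

A filename or port match on its own is only a lead for further inspection; the hostname match is the indicator that stays stable across the two reports in the thread.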
