WARNING: Aureate IS WATCHING YOU > To EVERYONE

Author: Robert Jezierski (robert_at_xion.pl)
Date: Sat 01 Apr 2000 - 22:31:27 MET DST


Since I once warned you about the dangers of roaming freely around
the internet (in 'verse', admittedly, but it was meant quite "seriously"),
I now feel obliged to COMMENT ON a certain FACT, VERY IMPORTANT FOR EVERYONE,
which will probably sadden and surprise many of you...

If any of you read, in the KOMPUTER supplement of Tuesday's Gazeta Wyborcza,
Mr. Stanuch's article on the AFFAIR involving software from the company AUREATE
and think that the problem concerns only American democracy, then I INFORM you
that a good number of YOU are unfortunately the subject of constant analysis and study!!!

FILES THAT SPY ON YOUR MOVEMENTS ON THE INTERNET are installed by A MASS OF PROGRAMS!
===============================================================================

It turned out that even GETRIGHT, which I use often, IS MY ENEMY :-((((

I found those few FATAL FILES on my own machine, so since I consider myself
a person oversensitive about FREEDOM and PRIVACY and I protect myself as best
I can AND STILL DID NOT PROTECT MYSELF COMPLETELY, well then...

I have helped myself... so it is time to help YOU too, who have helped me more than once...

Fortunately I HAVE AN ANTIDOTE (courtesy of friends abroad).
I will gladly share it with you, if you decide that you need it (THE PROGRAM
FILE THAT DETECTS AND REMOVES THE SPIES FROM THE SYSTEM is only 190 kB)...

Please do NOT SEND requests BY PRIVATE MAIL; please ONLY post your contact details
in this thread and only on the PL.COMP.SECURITY group

==============================================================================
HERE IS A DESCRIPTION OF THE SITUATION (unfortunately only in English...) and the list of the ILL-FATED FILES
==============================================================================

"The following is a listing of all software known to install the Aureate spy
on your system. The Aureate spy keeps track of your Internet activities and
sends a report to Aureate every time you open your browser. The Aureate spy
places the following files on a Windows machine. [It is not known, yet,
to affect Macintosh or Linux machines.]

The installed files are some or all of:

        => adimage.dll
        => advert.dll
        => advpack.dll
        => amcis.dll
        => amcis2.dll
        => amcompat.tlb
        => amstream.dll
        => anadsc.ocx
        => anadscb.ocx
        => htmdeng.exe
        => ipcclient.dll
        => msipcsv.exe
        => tfde.dll

Here is a review of the contents and code contained in the DLL's that Aureate
makes use of. Here are a few of my findings up to this point:

 advert.dll
 ==========
 This DLL creates a hidden window every time you open your browser. It
 creates and sends 4 pages of information to the Aureate servers using
 port 1749 on your system, these pages include:

 1. Your name as listed in the system registry ( not the name you
    installed one of the programs with )
 2. Your IP address
 3. The reverse DNS match of your address. ( tells them what ISP and
    area of country you are in )
 4. A listing of ALL software that is shown in your registry as being
    installed. ( Not just the companies they work with )
 5. This DLL sends the following information to their server on all
    URL's you visit:
   A.) ad banners you may click on
   B.) all downloads you do showing the filename/file
       size/date/time/type of file(image, zip,executable, etc)
   C.) full time and date stamps of all your actions while using your browser
   D.) the remote dialup number you are dialing in on (taken out of your dialer
       configuration)
   E.) dialup password if saved, does not "appear" at first glance to send
       this through to them.
 6. Contains programmers note: "Show me the money! I want to be Mike!"

 advpack.dll
 ===========
 Used during the installation only to check for other needed files.

 amcis.dll
 =========
 This DLL modifies the following registry keys:
 1. HKEY_CURRENT_CONFIG
 2. HKEY_DYN_DATA
 3. HKEY_PERFORMANCE_DATA
 4. HKEY_USERS
 5. HKEY_LOCAL_MACHINE
 6. HKEY_CURRENT_USER
 7. HKEY_CLASSES_ROOT

 Unregisters oleaut32.dll from memory as provided by M$oft and replaces
 with its own calls. Switches back to M$oft's when browser is closed.
 Creates stub processes to be started anytime your browser is opened.

 amcompat.tlb
 ===========
 This guy tracks any multimedia clips ( video/pictures/sound ) that you view.
 It tracks the rating level on the video/picture/sound and title / location.
 Contains references to DblClick (still digging on this one!)

 amstream.dll
 ==========
 Sets up TWO way communications between your system and theirs.
 Used to send info and receive update commands/files.
 Opens port 1749 for communications.

==============================================================================
ANYONE WHO USES PROGRAMS from THE LIST BELOW IS no longer ANONYMOUS and SAFE:
==============================================================================

        => 123Search
        => 3d Anarchy
        => 3D-FTP
        => 3rd block
        => Abe's FTP Client
        => Abe's Image Viewer
        => Abe's MP3 Finder
        => Abe's Picture Finder
        => Abe's SMB Client
        => Access Diver III
        => Acorn Email
        => AcqURL
        => ActionOutline Light 1.6
        => Active 'Net
        => Add URL
        => Add/Remove Plus!
        => Address Rover 98
        => Admiral VirusScanner
        => Advanced Call Center
        => Advanced Maillist Verify
        => AdWizard
        => Alive and Kicking
        => alphaScape QuickPaste
        => ASP1-A3
        => Auction Explorer
        => Aureate Group Mail
        => Aureate SpamKiller
        => AutoFTP PRO
        => AutoWeb
        => AxelCD
        => Beatle
        => Binary Boy
        => BinaryVortex
        => Blue Engine
        => BookSmith : Original
        => buddyPhone 2
        => Calypso E-mail
        => CamGrab
        => Capture Express 2000
        => Cascoly Screensaver
        => CDDB-Reader
        => CDMaster32
        => ChanStat
        => Charity Banner
        => Cheat Machine
        => Check4New
        => ChinMail
        => Clabra clipboard viewer
        => Classic Peg Solitaire
        => ComTry Music Downloader
        => Crystal FTP
        => CSE HTML Validator Lite
        => CuteFTP 3.0
        => CuteFTP/Tripod
        => CuteMX
        => CutePage
        => Danzig Pref Engine
        => DateTime
        => Delphi Component Test
        => Delphi Tester
        => Dialer 2000
        => DigiBand NewsWatch
        => DigiCams - The WebCam Viewer
        => Digital Postman
        => DirectUpdate
        => DL-Mail Pro 2000
        => DNScape
        => Doorbell 1.18
        => Download Minder 1.5
        => Download Wonder
        => DownLoader v.1.1
        => Dwyco Video Conferencing
        => EasySeeker
        => EmmaSoft ChatCat
        => EmmaSoft dBrow
        => EmmaSoft KeepLan
        => EmmaSoft Soundz
        => EnvoyMail
        => EZ-Forms FREE
        => File Mag-Net
        => FileSplit
        => Folder Guard Jr.
        => FourTimes
        => Free Picture Harvester
        => Free Solitaire
        => Free Spades
        => Free Submitter Pro
        => FreeImageEditor
        => FreeIRC
        => FreeNotePad
        => FreeSite
        => FreeWebBrowser
        => FreeWebMail
        => FreeZip!
        => FTPEditor
        => GetRight
        => Go!Zilla
        => Go!Zilla WebAttack
        => GovernMail
        => Grafula
        => Gunther's PasswordSentry
        => HangWeb
        => hesci Private Label
        => HTML Translator
        => HTTP Proxy-Spy
        => Huey v1.8 Color Picker
        => Iban Technologies IP Tools 3.1
        => Idyle GimmIP
        => iFind Graphics
        => imageN
        => Infinite Patience
        => InfoBlast
        => InnovaClub
        => InstallZIP
        => Internet Tree
        => Internetrix
        => InterWebWord Companion
        => JetCar
        => JFK Research
        => jIRC
        => JOC Email Checker
        => JOC Web Finder
        => JOC Web Spider
        => KVT Diplom
        => LapLink FTP
        => LineSoft Download
        => LOL Chat
        => Mail Them
        => Meracl FontMap
        => Meracl ImageMap Generator
        => Midnight Oil Solitaire
        => MirNik Internet Finder
        => More Space 99
        => MouseAssist
        => MP3 Album Finder
        => MP3 Fiend
        => MP3 Grouppie
        => MP3 Mag-Net
        => MP3 Renamer
        => Mp3 Stream Recorder
        => MP3INFO-Editor
        => MultiSender
        => Music Genie
        => MX Inspector BIG AD
        => My Genie Patriots
        => My Genie SE
        => My GetRight
        => NeatFTP
        => Net CB
        => Net Scan 2000
        => Net Vampire
        => Net-A-Car Feature Car Screensaver
        => NetAnts
        => NetBoard
        => Netbus Pro 2.10
        => NetCaptor 5.0
        => Netman Downloader
        => NetNak
        => NetSuck 3.10.5
        => NetTime Thingy
        => Network Assistant
        => NeuroStock
        => NewsBin
        => NewsShark
        => NewsWire
        => NfoNak
        => NotePads+
        => Notificator 1.0b
        => Octopus
        => Pattern Book
        => People Seek 98
        => Personal Search Agent
        => Photocopier
        => PicPluck
        => Pictures In News
        => Ping Thingy
        => PingMaster
        => Planet.Billboard
        => Planet.MP3Find
        => PMS
        => ProtectX 3
        => ProxyChecker
        => QuadSucker/Web
        => Quadzle Puzzles
        => QuikLink Autobot
        => QuikLink Explorer
        => QuikLink Explorer Gold Edition
        => QuoteWatch
        => QWallet
        => Real Estate Web Site Creator
        => Recipe Review
        => ReGet 1.6
        => Resume Detective
        => RingSurf
        => RoboCam 1.10
        => Rosemary's Weird Web World
        => SaberQuest Page Burner
        => SBJV
        => SBWcc
        => Scout's Game
        => ScreenFIRE
        => ScreenFIRE - FileKing
        => ScreenFlavors
        => Sea Battle
        => Shizzam
        => Simple Submit
        => SimpleFind
        => SimpleSubmit v1.0
        => SK-111
        => Smart 'n Sticky
        => SmartBoard 200 FREE Edition
        => SmartSum calculator
        => SonicMail
        => Sound Agent
        => Space Central Screen Saver
        => Splash! Siterave
        => StartDrive
        => Static FTP
        => StockBrowser
        => Subscriber
        => SunEdit 2K
        => SuperIDE
        => Sweep
        => SweepsWinner
        => Text Transmogrifier
        => The Mapper
        => TheNet
        => TI-FindMail
        => TIFNY
        => Total Finger
        => Total Whois
        => Tracking The Eye
        => Trade Site Creator
        => TWinExplorer Standard
        => TypeWriter 1.0
        => UK Phone Codes
        => Vagabond's Realm
        => VeriMP3
        => Vertigo QSearch
        => Virtual Access
        => Visual Cyberadio
        => Visual Surfer
        => VOG Backgammon Main
        => VOG Backgammon Table
        => VOG Chess Main
        => VOG Chess Table
        => VOG Reversi Main
        => VOG Reversi Table
        => VOG Shell
        => VOG Shell History
        => W3Filer
        => Web Coupon
        => Web Page Authoring Software
        => Web Registrant PRO
        => Web Resume
        => Web SurfACE
        => WEB2SMS
        => WebCamVCR
        => WebCopier
        => Web-N-Force
        => WebSaver
        => Website Manager
        => WebStripper
        => WebType
        => WhoIs Thingy
        => Win A Lotto
        => WinEdit 2000
        => Word+
        => Wordwright
        => WorldChat Client
        => Worm
        => www.devgames.com
        => xBlock
        => Your ESP Test
        => Zion
        => Zip Express 2000

PS. I am going home and will be back here on SUNDAY morning to send you the ANTIDOTE!
=========================================================================

-- 
Robert Jezierski   http://www.xion.pl   robert_at_xion.pl
ScitEX, Plugs'n'PrePress


This archive was generated by hypermail 2.1.7 : Tue 18 May 2004 - 19:58:14 MET DST
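An added example, not part of the original post and not the removal tool it mentions: a read-only Python check that walks a directory tree for the file names quoted above and records each hit with its SHA-256 for review. The `SHARED_WITH_WINDOWS` set and the directory tree built in `demo()` are assumptions of this example; a name match alone is only a lead, since `advpack.dll` and `amstream.dll` are also names of stock Windows components.

```python
import hashlib
import os
import tempfile

# File names copied from the list quoted in the post.
LISTED_NAMES = {
    "adimage.dll", "advert.dll", "advpack.dll", "amcis.dll", "amcis2.dll",
    "amcompat.tlb", "amstream.dll", "anadsc.ocx", "anadscb.ocx",
    "htmdeng.exe", "ipcclient.dll", "msipcsv.exe", "tfde.dll",
}
# Not from the post: these names are also used by stock Windows components,
# so a hit on them must be reviewed before anything is deleted.
SHARED_WITH_WINDOWS = {"advpack.dll", "amstream.dll"}


def scan(root):
    """Return sorted (relative_path, sha256, note) leads found under root."""
    leads = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            key = name.lower()  # Windows file names are case-insensitive
            if key not in LISTED_NAMES:
                continue
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                digest = "unreadable"
            shared = key in SHARED_WITH_WINDOWS
            note = "review: name shared with Windows" if shared else "listed in post"
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            leads.append((rel, digest, note))
    return sorted(leads)


def demo():
    """Scan a constructed directory tree (dummy files, not real binaries)."""
    with tempfile.TemporaryDirectory() as root:
        sysdir = os.path.join(root, "WINDOWS", "SYSTEM")
        os.makedirs(sysdir)
        for name in ("ADVERT.DLL", "amstream.dll", "kernel32.dll"):
            with open(os.path.join(sysdir, name), "wb") as fh:
                fh.write(b"constructed sample")
        return scan(root)


if __name__ == "__main__":
    for path, digest, note in demo():
        print(f"{path}  {digest[:16]}  {note}")
```

Recording the hash alongside the path lets a hit be compared against a known-good copy of the same file before any decision to remove it.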