Subject: Re: Aureate Spies on You
From: bob zion (bzionMINDSPRING.COM)
Date: Wed Feb 23 2000 - 13:20:57 CST


hi
this implies that even reputable sources of software, i.e., zdnet, can use
this for marketing purposes

how do we close this port or others?
----- Original Message -----
From: "MJE" <markNTSHOP.NET>
To: <win2ksecadviceLISTSERV.NTSECURITY.NET>
Sent: Wednesday, February 23, 2000 11:14 AM
Subject: Aureate Spies on You

> Forwarded from another list -- anyone know about this Aureate spying stuff?
> Be sure to check the list of apps that allegedly contain this code -- it's
> at the bottom of the message.
>
> MJE
>
>
>
> > -----Original Message-----
> > From: Edward (Ted) Burton [mailto:egburtonCONSULTBURTON.COM]
> > Sent: Monday, February 21, 2000 2:02 PM
> > To: Lawyers and the Internet
> > Cc: Craighead, Paula
> > Subject: [NET-LAWYERS] Aureate Spy
> >
> >
> > While I am not a Windows user, the following information has popped
> > up on the LawTech list and is of some interest to attorneys who wish
> > to not leave a paper trail out there on the Internet for commercial
> > use by others.
> >
> > According to Dale Haag, <dhaagNOL.NET>
> >
> > The following is a listing of all software known to install the
> > Aureate spy on your system. The Aureate spy keeps track of your
> > Internet activities and sends a report to Aureate every time you open
> > your browser. The Aureate spy places the following files on a Windows
> > machine. [It is not known, yet, to affect Macintosh or Linux
> > machines.]
> >
> > The installed files are some or all of:
> >
> > adimage.dll
> > advert.dll
> > advpack.dll
> > amcis.dll
> > amcis2.dll
> > amcompat.tlb
> > amstream.dll
> > anadsc.ocx
> > anadscb.ocx
> > htmdeng.exe
> > ipcclient.dll
> > msipcsv.exe
> > tfde.dll
> >
> >
> > ========== ========== ========== ==========
> > Dale said:
> >
> > OK folks, living up to my reputation as a "bulldog" when I get my
> > teeth into something, I have been busy "reviewing" the contents and
> > code contained in the DLL's that Aureate makes use of. Here are a
> > few of my findings up to this point:
> >
> > advert.dll
> > =======
> >
> > This DLL creates a hidden window every time you open your browser. It
> > creates and sends 4 pages of information to the Aureate servers using
> > port 1749 on your system, these pages include:
> >
> > 1. Your name as listed in the system registry ( not the name you
> > installed one of the programs with )
> > 2. Your IP address
> > 3. The reverse DNS match of your address. ( tells them what ISP and
> > area of country you are in )
> > 4. A listing of ALL software that is shown in your registry as being
> > installed. ( Not just the companies they work with )
> > 5. This DLL sends the following information to their server on all
> > URL's you visit:
> > A.) ad banners you may click on
> > B.) all downloads you do showing the filename/file
> > size/date/time/type of file(image, zip,executable, etc)
> > C.) full time and date stamps of all your actions while using your
> > browser
> > D.) the remote dialup number you are dialing in on (taken out of
> > your dialer configuration)
> > E.) dialup password if saved, does not "appear" at first glance
> > to send this through to them.
> > 6. Contains programmers note: "Show me the money! I want to be Mike!"
> >
> >
> > advpack.dll
> > =========
> >
> > Used during the installation only to check for other needed files.
> >
> >
> > amcis.dll
> > =======
> >
> > This DLL modifies the following registry keys:
> > 1. HKEY_CURRENT_CONFIG
> > 2. HKEY_DYN_DATA
> > 3. HKEY_PERFORMANCE_DATA
> > 4. HKEY_USERS
> > 5. HKEY_LOCAL_MACHINE
> > 6. HKEY_CURRENT_USER
> > 7. HKEY_CLASSES_ROOT
> >
> > Unregisters oleaut32.dll from memory as provided by M$oft and
> > replaces with its own calls. Switches back to M$oft's when browser is
> > closed. Creates stub processes to be started anytime your browser is
> > opened.
> >
> >
> > amcompat.tlb
> > ===========
> >
> > This guy tracks any multimedia clips ( video/pictures/sound ) that
> > you view. It tracks the rating level on the video/picture/sound and
> > title / location. Contains references to DblClick ( still digging on
> > this one! )
> >
> >
> > amstream.dll
> > ==========
> >
> > Sets up TWO way communications between your system and theirs.
> > Used to send info and receive update commands/files
> > Opens port 1749 for communications
> >
> > ==================================================
> >
> > The programs that are known to install the Aureate spy are:
> >
> > 123Search
> > 3d Anarchy
> > 3D-FTP
> > 3rd block
> > Abe's FTP Client
> > Abe's Image Viewer
> > Abe's MP3 Finder
> > Abe's Picture Finder
> > Abe's SMB Client
> > Access Diver III
> > Acorn Email
> > AcqURL
> > ActionOutline Light 1.6
> > Active 'Net
> > Add URL
> > Add/Remove Plus!
> > Address Rover 98
> > Admiral VirusScanner
> > Advanced Call Center
> > Advanced Maillist Verify
> > AdWizard
> > Alive and Kicking
> > alphaScape QuickPaste
> > ASP1-A3
> > Auction Explorer
> > Aureate Group Mail
> > Aureate SpamKiller
> > AutoFTP PRO
> > AutoWeb
> > AxelCD
> > Beatle
> > Binary Boy
> > BinaryVortex
> > Blue Engine
> > BookSmith : Original
> > buddyPhone 2
> > Calypso E-mail
> > CamGrab
> > Capture Express 2000
> > Cascoly Screensaver
> > CDDB-Reader
> > CDMaster32
> > ChanStat
> > Charity Banner
> > Cheat Machine
> > Check4New
> > ChinMail
> > Clabra clipboard viewer
> > Classic Peg Solitaire
> > ComTry Music Downloader
> > Crystal FTP
> > CSE HTML Validator Lite
> > CuteFTP 3.0
> > CuteFTP 3.0
> > CuteFTP/Tripod
> > CuteMX
> > CutePage
> > Danzig Pref Engine
> > DateTime
> > Delphi Component Test
> > Delphi Tester
> > Dialer 2000
> > DigiBand NewsWatch
> > DigiCams - The WebCam Viewer
> > Digital Postman
> > DirectUpdate
> > DL-Mail Pro 2000
> > DNScape
> > Doorbell 1.18
> > Download Minder 1.5
> > Download Wonder
> > DownLoader v.1.1
> > Dwyco Video Conferencing
> > EasySeeker
> > EmmaSoft ChatCat
> > EmmaSoft dBrow
> > EmmaSoft KeepLan
> > EmmaSoft Soundz
> > EnvoyMail
> > EZ-Forms FREE
> > File Mag-Net
> > FileSplit
> > Folder Guard Jr.
> > FourTimes
> > Free Picture Harvester
> > Free Solitaire
> > Free Spades
> > Free Submitter Pro
> > FreeImageEditor
> > FreeIRC
> > FreeNotePad
> > FreeSite
> > FreeWebBrowser
> > FreeWebMail
> > FreeZip!
> > FTPEditor
> > GetRight
> > Go!Zilla
> > Go!Zilla WebAttack
> > GovernMail
> > Grafula
> > Gunther's PasswordSentry
> > HangWeb
> > hesci Private Label
> > HTML Translator
> > HTTP Proxy-Spy
> > Huey v1.8 Color Picker
> > Iban Technologies IP Tools 3.1
> > Idyle GimmIP
> > Idyle GimmIP
> > iFind Graphics
> > imageN
> > Infinite Patience
> > InfoBlast
> > InnovaClub
> > InstallZIP
> > Internet Tree
> > Internetrix
> > InterWebWord Companion
> > JetCar
> > JFK Research
> > jIRC
> > JOC Email Checker
> > JOC Web Finder
> > JOC Web Spider
> > KVT Diplom
> > LapLink FTP
> > LineSoft Download
> > LOL Chat
> > LOL Chat
> > Mail Them
> > Meracl FontMap
> > Meracl ImageMap Generator
> > Midnight Oil Solitaire
> > MirNik Internet Finder
> > More Space 99
> > MouseAssist
> > MP3 Album Finder
> > MP3 Fiend
> > MP3 Grouppie
> > MP3 Mag-Net
> > MP3 Renamer
> > Mp3 Stream Recorder
> > MP3INFO-Editor
> > MultiSender
> > Music Genie
> > MX Inspector BIG AD
> > My Genie Patriots
> > My Genie SE
> > My GetRight
> > NeatFTP
> > Net CB
> > Net Scan 2000
> > Net Vampire
> > Net-A-Car Feature Car Screensaver
> > NetAnts
> > NetBoard
> > Netbus Pro 2.10
> > NetCaptor 5.0
> > Netman Downloader
> > NetNak
> > NetSuck 3.10.5
> > NetTime Thingy
> > Network Assistant
> > NeuroStock
> > NewsBin
> > NewsShark
> > NewsWire
> > NfoNak
> > NotePads+
> > Notificator 1.0b
> > Octopus
> > Pattern Book
> > People Seek 98
> > Personal Search Agent
> > Photocopier
> > PicPluck
> > Pictures In News
> > Ping Thingy
> > PingMaster
> > Planet.Billboard
> > Planet.MP3Find
> > PMS
> > ProtectX 3
> > ProxyChecker
> > QuadSucker/Web
> > Quadzle Puzzles
> > QuikLink Autobot
> > QuikLink Explorer
> > QuikLink Explorer Gold Edition
> > QuoteWatch
> > QWallet
> > Real Estate Web Site Creator
> > Recipe Review
> > ReGet 1.6
> > Resume Detective
> > RingSurf
> > RoboCam 1.10
> > Rosemary's Weird Web World
> > SaberQuest Page Burner
> > SBJV
> > SBWcc
> > Scout's Game
> > ScreenFIRE
> > ScreenFIRE - FileKing
> > ScreenFlavors
> > Sea Battle
> > Shizzam
> > Simple Submit
> > SimpleFind
> > SimpleSubmit v1.0
> > SK-111
> > Smart 'n Sticky
> > SmartBoard 200 FREE Edition
> > SmartSum calculator
> > SonicMail
> > Sound Agent
> > Space Central Screen Saver
> > Splash! Siterave
> > StartDrive
> > Static FTP
> > StockBrowser
> > Subscriber
> > SunEdit 2K
> > SuperIDE
> > Sweep
> > SweepsWinner
> > Text Transmogrifier
> > The Mapper
> > TheNet
> > TI-FindMail
> > TIFNY
> > Total Finger
> > Total Whois
> > Tracking The Eye
> > Trade Site Creator
> > TWinExplorer Standard
> > TypeWriter 1.0
> > UK Phone Codes
> > Vagabond's Realm
> > VeriMP3
> > Vertigo QSearch
> > Virtual Access
> > Visual Cyberadio
> > Visual Surfer
> > VOG Backgammon Main
> > VOG Backgammon Table
> > VOG Chess Main
> > VOG Chess Table
> > VOG Reversi Main
> > VOG Reversi Table
> > VOG Shell
> > VOG Shell
> > VOG Shell History
> > W3Filer
> > Web Coupon
> > Web Page Authoring Software
> > Web Registrant PRO
> > Web Resume
> > Web SurfACE
> > WEB2SMS
> > WebCamVCR
> > WebCopier
> > Web-N-Force
> > WebSaver
> > Website Manager
> > WebStripper
> > WebType
> > WhoIs Thingy
> > Win A Lotto
> > WinEdit 2000
> > Word+
> > Wordwright
> > WorldChat Client
> > Worm
> > www.devgames.com
> > xBlock
> > Your ESP Test
> > Zion
> > Zip Express 2000
> >
> > _________________________________________
> > List Owner: Lewis Rose, lewrosearentfox.com
> > Web Site: http://www.net-lawyers.org
> > Archives: http://eva.dc.lsoft.com/Archives/net-lawyers.html
> >
> >
>
> _____________________________________________________________________
> ** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
> ** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
> SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
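
A defender-side check for the indicators named in this thread (the listed file names and port 1749), as an added example that is not part of the original messages. The `netstat -an` sample is constructed, and the `SHARED_WITH_WINDOWS` set is this example's own assumption: advpack.dll and amstream.dll are also names of files that ship with Windows, so a name match on those needs a vendor and version check before anything is removed.

```python
import os

# File names taken from the list in the message above.
AUREATE_FILES = {
    "adimage.dll", "advert.dll", "advpack.dll", "amcis.dll", "amcis2.dll",
    "amcompat.tlb", "amstream.dll", "anadsc.ocx", "anadscb.ocx",
    "htmdeng.exe", "ipcclient.dll", "msipcsv.exe", "tfde.dll",
}
# Assumption of this example: names Windows itself also ships (setup and
# DirectShow components), so a name match alone proves nothing for these.
SHARED_WITH_WINDOWS = {"advpack.dll", "amstream.dll"}
PORT = 1749  # port named in the message


def find_listed_files(root):
    """Return sorted (path, needs_review) for listed names under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            low = name.lower()  # Windows file names are case-insensitive
            if low in AUREATE_FILES:
                hits.append((os.path.join(dirpath, name), low in SHARED_WITH_WINDOWS))
    return sorted(hits)


def port_of(endpoint):
    """Port number from 'addr:port' (also '[::1]:port'), or None for '*:*'."""
    tail = endpoint.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None


def connections_on_port(netstat_text, port=PORT):
    """Return (proto, local, remote, state) rows of `netstat -an` touching port."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        state = f[3] if len(f) > 3 else ""  # UDP rows carry no state column
        if port in (port_of(f[1]), port_of(f[2])):
            rows.append((f[0], f[1], f[2], state))
    return rows


# Constructed sample output, not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1034      203.0.113.5:1749       ESTABLISHED
  TCP    192.168.1.10:1035      203.0.113.9:80         ESTABLISHED
  UDP    0.0.0.0:1749           *:*
"""
```

Feed `connections_on_port` the text of `netstat -an` from the host under review, and point `find_listed_files` at the Windows and application directories; rows with `needs_review` set are the shared names.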
