Theos-World FW: Internet Commercial Espionage Warning !
Mar 09, 2000 04:00 PM
by Free Tibet
-----Original Message-----
From: Marr, Greg (DEHAA) [mailto:gmarr@dehaa.sa.gov.au]
Sent: Wednesday, March 08, 2000 1:17 PM
To: 'rb@ADELAIDE.On.net.au'; 'nos@granite.net.au'
Subject: FW:
> -----Original Message-----
> From: Russell, Mike (DEHAA)
> Sent: Wednesday, March 08, 2000 1:14 PM
> To: Marr, Greg (DEHAA)
> Subject:
>
> You are not alone..
>
> This is a bit of a follow up on the zonealarm situation, which may or may
> not exist, but pales into insignificance next to what I recently found out
> about software manufacturer aureate, who make a shed load of programs,
> gozilla and get right being just two. Included below is a post from the
> antionline onelist, one of many, that explains exactly what the situation
> is, and how to avoid it. I for one will be uninstalling my 'free' version
> of gozilla, and getting the retail version from FOSI, just hope I remember
> to turn off live update. Pleasant reading...and remember...there
> is no such thing as a free lunch
>
>
> From: "whoseon3rd" <whoseon3rd@softhome.net>
>
> Anyone know how substantial the Aureate thing is?
>
> You can find a lot of details here:
>
> www.hardocp.com/news_imag...pying.html
> <http://www.hardocp.com/news_images/2000/february_2000/aureatespying.html>
> which I will post the meat of it at the end of this email
>
> and if it is true in any way shape or form, what can I do to get rid of their
> @#%$ on my computer
>
>
>
> > > > > The following is a listing of all software known to install the
> > > > > Aureate spy on your system. The Aureate spy keeps track of your
> > > > > Internet activities and sends a report to Aureate every time you
> > > > > open your browser. The Aureate spy places the following files on a
> > > > > Windows machine. [It is not known, yet, to affect Macintosh or Linux
> > > > > machines.]
> > > >
> > > > The installed files are some or all of:
> > > >
> > > > adimage.dll
> > > > advert.dll
> > > > advpack.dll
> > > > amcis.dll
> > > > amcis2.dll
> > > > amcompat.tlb
> > > > amstream.dll
> > > > anadsc.ocx
> > > > anadscb.ocx
> > > > htmdeng.exe
> > > > ipcclient.dll
> > > > msipcsv.exe
> > > > tfde.dll
> > > >
> > > >
> > > > ========== ========== ========== ==========
> > > > Dale said:
> > > >
> > > > OK folks, living up to my reputation as a "bulldog" when I get my
> > > > teeth into something, I have been busy "reviewing" the contents and
> > > > code contained in the DLL's that Aureate makes use of. Here are a
> > > > few of my findings up to this point:
> > > >
> > > > advert.dll
> > > > =======
> > > >
> > > > > This DLL creates a hidden window every time you open your browser.
> > > > > It creates and sends 4 pages of information to the Aureate servers
> > > > > using port 1749 on your system, these pages include:
> > > >
> > > > 1. Your name as listed in the system registry ( not the name you
> > > > installed one of the programs with )
> > > > 2. Your IP address
> > > > 3. The reverse DNS match of your address. ( tells them what ISP and
> > > > area of country you are in )
> > > > 4. A listing of ALL software that is shown in your registry as being
> > > > installed. ( Not just the companies they work with )
> > > > 5. This DLL sends the following information to their server on all
> > > > URL's you visit:
> > > > A.) ad banners you may click on
> > > > B.) all downloads you do showing the filename/file
> > > > size/date/time/type of file(image, zip,executable, etc)
> > > > > C.) full time and date stamps of all your actions while
> > > > > using your browser
> > > > D.) the remote dialup number you are dialing in on (taken out of
> > > > your dialer configuration)
> > > > E.) dialup password if saved, does not "appear" at first glance
> > > > to send this through to them.
> > > > > 6. Contains programmers note: "Show me the money! I want to be Mike!"
> > > >
> > > >
> > > > advpack.dll
> > > > =========
> > > >
> > > > > Used during the installation only to check for other needed files.
> > > > >
> > > > >
> > > > > amcis.dll
> > > > =======
> > > >
> > > > This DLL modifies the following registry keys:
> > > > 1. HKEY_CURRENT_CONFIG
> > > > 2. HKEY_DYN_DATA
> > > > 3. HKEY_PERFORMANCE_DATA
> > > > 4. HKEY_USERS
> > > > 5. HKEY_LOCAL_MACHINE
> > > > 6. HKEY_CURRENT_USER
> > > > 7. HKEY_CLASSES_ROOT
> > > >
> > > > > Unregisters oleaut32.dll from memory as provided by M$oft and
> > > > > replaces with its own calls. Switches back to M$oft's when browser
> > > > > is closed. Creates stub processes to be started anytime your browser
> > > > > is opened.
> > > >
> > > >
> > > > amcompat.tlb
> > > > ===========
> > > >
> > > > > This guy tracks any multimedia clips ( video/pictures/sound ) that
> > > > > you view.
> > > > > It tracks the rating level on the video/picture/sound and
> > > > > title / location.
> > > > > Contains references to DblClick ( still digging on this one! )
> > > >
> > > >
> > > > amstream.dll
> > > > ==========
> > > >
> > > > > Sets up TWO way communications between your system and theirs.
> > > > > Used to send info and receive update commands/files.
> > > > > Opens port 1749 for communications.
> > > >
> > > > ==================================================
> > > >
> > > > The programs that are known to install the Aureate spy are:
> > > >
> > > > 123Search
> > > > 3d Anarchy
> > > > 3D-FTP
> > > > 3rd block
> > > > Abe's FTP Client
> > > > Abe's Image Viewer
> > > > Abe's MP3 Finder
> > > > Abe's Picture Finder
> > > > Abe's SMB Client
> > > > Access Diver III
> > > > Acorn Email
> > > > AcqURL
> > > > ActionOutline Light 1.6
> > > > Active 'Net
> > > > Add URL
> > > > Add/Remove Plus!
> > > > Address Rover 98
> > > > Admiral VirusScanner
> > > > Advanced Call Center
> > > > Advanced Maillist Verify
> > > > AdWizard
> > > > Alive and Kicking
> > > > alphaScape QuickPaste
> > > > ASP1-A3
> > > > Auction Explorer
> > > > Aureate Group Mail
> > > > Aureate SpamKiller
> > > > AutoFTP PRO
> > > > AutoWeb
> > > > AxelCD
> > > > Beatle
> > > > Binary Boy
> > > > BinaryVortex
> > > > Blue Engine
> > > > BookSmith : Original
> > > > buddyPhone 2
> > > > Calypso E-mail
> > > > CamGrab
> > > > Capture Express 2000
> > > > Cascoly Screensaver
> > > > CDDB-Reader
> > > > CDMaster32
> > > > ChanStat
> > > > Charity Banner
> > > > Cheat Machine
> > > > Check4New
> > > > ChinMail
> > > > Clabra clipboard viewer
> > > > Classic Peg Solitaire
> > > > ComTry Music Downloader
> > > > Crystal FTP
> > > > CSE HTML Validator Lite
> > > > CuteFTP 3.0
> > > > CuteFTP 3.0
> > > > CuteFTP/Tripod
> > > > CuteMX
> > > > CutePage
> > > > Danzig Pref Engine
> > > > DateTime
> > > > Delphi Component Test
> > > > Delphi Tester
> > > > Dialer 2000
> > > > DigiBand NewsWatch
> > > > DigiCams - The WebCam Viewer
> > > > Digital Postman
> > > > DirectUpdate
> > > > DL-Mail Pro 2000
> > > > DNScape
> > > > Doorbell 1.18
> > > > Download Minder 1.5
> > > > Download Wonder
> > > > DownLoader v.1.1
> > > > Dwyco Video Conferencing
> > > > EasySeeker
> > > > EmmaSoft ChatCat
> > > > EmmaSoft dBrow
> > > > EmmaSoft KeepLan
> > > > EmmaSoft Soundz
> > > > EnvoyMail
> > > > EZ-Forms FREE
> > > > File Mag-Net
> > > > FileSplit
> > > > Folder Guard Jr.
> > > > FourTimes
> > > > Free Picture Harvester
> > > > Free Solitaire
> > > > Free Spades
> > > > Free Submitter Pro
> > > > FreeImageEditor
> > > > FreeIRC
> > > > FreeNotePad
> > > > FreeSite
> > > > FreeWebBrowser
> > > > FreeWebMail
> > > > FreeZip!
> > > > FTPEditor
> > > > GetRight
> > > > Go!Zilla
> > > > Go!Zilla WebAttack
> > > > GovernMail
> > > > Grafula
> > > > Gunther's PasswordSentry
> > > > HangWeb
> > > > hesci Private Label
> > > > HTML Translator
> > > > HTTP Proxy-Spy
> > > > Huey v1.8 Color Picker
> > > > Iban Technologies IP Tools 3.1
> > > > Idyle GimmIP
> > > > Idyle GimmIP
> > > > iFind Graphics
> > > > imageN
> > > > Infinite Patience
> > > > InfoBlast
> > > > InnovaClub
> > > > InstallZIP
> > > > Internet Tree
> > > > Internetrix
> > > > InterWebWord Companion
> > > > JetCar
> > > > JFK Research
> > > > jIRC
> > > > JOC Email Checker
> > > > JOC Web Finder
> > > > JOC Web Spider
> > > > KVT Diplom
> > > > LapLink FTP
> > > > LineSoft Download
> > > > LOL Chat
> > > > LOL Chat
> > > > Mail Them
> > > > Meracl FontMap
> > > > Meracl ImageMap Generator
> > > > Midnight Oil Solitaire
> > > > MirNik Internet Finder
> > > > More Space 99
> > > > MouseAssist
> > > > MP3 Album Finder
> > > > MP3 Fiend
> > > > MP3 Grouppie
> > > > MP3 Mag-Net
> > > > MP3 Renamer
> > > > Mp3 Stream Recorder
> > > > MP3INFO-Editor
> > > > MultiSender
> > > > Music Genie
> > > > MX Inspector BIG AD
> > > > My Genie Patriots
> > > > My Genie SE
> > > > My GetRight
> > > > NeatFTP
> > > > Net CB
> > > > Net Scan 2000
> > > > Net Vampire
> > > > Net-A-Car Feature Car Screensaver
> > > > NetAnts
> > > > NetBoard
> > > > Netbus Pro 2.10
> > > > NetCaptor 5.0
> > > > Netman Downloader
> > > > NetNak
> > > > NetSuck 3.10.5
> > > > NetTime Thingy
> > > > Network Assistant
> > > > NeuroStock
> > > > NewsBin
> > > > NewsShark
> > > > NewsWire
> > > > NfoNak
> > > > NotePads+
> > > > Notificator 1.0b
> > > > Octopus
> > > > Pattern Book
> > > > People Seek 98
> > > > Personal Search Agent
> > > > Photocopier
> > > > PicPluck
> > > > Pictures In News
> > > > Ping Thingy
> > > > PingMaster
> > > > Planet.Billboard
> > > > Planet.MP3Find
> > > > PMS
> > > > ProtectX 3
> > > > ProxyChecker
> > > > QuadSucker/Web
> > > > Quadzle Puzzles
> > > > QuikLink Autobot
> > > > QuikLink Explorer
> > > > QuikLink Explorer Gold Edition
> > > > QuoteWatch
> > > > QWallet
> > > > Real Estate Web Site Creator
> > > > Recipe Review
> > > > ReGet 1.6
> > > > Resume Detective
> > > > RingSurf
> > > > RoboCam 1.10
> > > > Rosemary's Weird Web World
> > > > SaberQuest Page Burner
> > > > SBJV
> > > > SBWcc
> > > > Scout's Game
> > > > ScreenFIRE
> > > > ScreenFIRE - FileKing
> > > > ScreenFlavors
> > > > Sea Battle
> > > > Shizzam
> > > > Simple Submit
> > > > SimpleFind
> > > > SimpleSubmit v1.0
> > > > SK-111
> > > > Smart 'n Sticky
> > > > SmartBoard 200 FREE Edition
> > > > SmartSum calculator
> > > > SonicMail
> > > > Sound Agent
> > > > Space Central Screen Saver
> > > > Splash! Siterave
> > > > StartDrive
> > > > Static FTP
> > > > StockBrowser
> > > > Subscriber
> > > > SunEdit 2K
> > > > SuperIDE
> > > > Sweep
> > > > SweepsWinner
> > > > Text Transmogrifier
> > > > The Mapper
> > > > TheNet
> > > > TI-FindMail
> > > > TIFNY
> > > > Total Finger
> > > > Total Whois
> > > > Tracking The Eye
> > > > Trade Site Creator
> > > > TWinExplorer Standard
> > > > TypeWriter 1.0
> > > > UK Phone Codes
> > > > Vagabond's Realm
> > > > VeriMP3
> > > > Vertigo QSearch
> > > > Virtual Access
> > > > Visual Cyberadio
> > > > Visual Surfer
> > > > VOG Backgammon Main
> > > > VOG Backgammon Table
> > > > VOG Chess Main
> > > > VOG Chess Table
> > > > VOG Reversi Main
> > > > VOG Reversi Table
> > > > VOG Shell
> > > > VOG Shell
> > > > VOG Shell History
> > > > W3Filer
> > > > Web Coupon
> > > > Web Page Authoring Software
> > > > Web Registrant PRO
> > > > Web Resume
> > > > Web SurfACE
> > > > WEB2SMS
> > > > WebCamVCR
> > > > WebCopier
> > > > Web-N-Force
> > > > WebSaver
> > > > Website Manager
> > > > WebStripper
> > > > WebType
> > > > WhoIs Thingy
> > > > Win A Lotto
> > > > WinEdit 2000
> > > > Word+
> > > > Wordwright
> > > > WorldChat Client
> > > > Worm
> > > > www.devgames.com
> > > > xBlock
> > > > Your ESP Test
> > > > Zion
> > > > Zip Express 2000
>
>
> --
> 'nuff said
> this user is unknown
> whoseon3rd@softhome.net
>
>
> scary huh?
>
> ronin
>
>
>
> Vin
> <http://pub5.ezboard.com/bmauisun.showLocalUserPublicProfile?login=vin>
> Local user
> (3/7/00 6:15:44 pm)
> you beat me to it
>
> I was digging into it all day; they pinged or scanned me 4,500 to 5,000 times
> this afternoon!
> Needless to say I was mad. Did you see that link on their site that says
> these are false accusations?
> I went into my 'regedit' and there was an entry from them (aureate) & to the
> best of my memory I haven't installed any of their progs after my last
> reformat! Back then I wasn't running any protection. Is it possible they put
> it there on their own? (I would have never known!)
> Well Ronin you beat me to it (but you also did a better job at tracking
> them all down!) My work on this one should be done. Don't forget to check
> your regedit! Oops, I was checking your list again and I did install
> getright, the newest version 4.1.2!
> Vin...
>
> SpiritMaster <http://pub5.ezboard.com/uspiritmaster.showPublicProfile>
> Global user
> (3/7/00 6:24:44 pm)
> Re: you beat me to it
>
> This info is just partially true as some of the files listed are Windows'
> own, and some of those listed as Aureate's are from other freeware. This
> story started on Zor's Discussion Board and the person who wrote the above
> stuff was Acid_Burn. There has been a lot of talking about this subject on
> Zor's so I suggest you go there and scroll down both the boards for
> further info. There has also been made two progz, one by Cokebottle and
> another by Shade which search your hd for these spyfiles and removes them.
> You should find the linkz on the boards.
>
> Zor's:
>
> pub3.ezboard.com/fzorsboa...cracklinks
> <http://pub3.ezboard.com/fzorsboardzorscracklinks>
> server5.ezboard.com/fzors...ssion.html
> <http://server5.ezboard.com/fzorsboardgeneraldiscussion.html>
>
>
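An added example, not part of the forwarded thread: a name-based scan for the files listed above that also honours SpiritMaster's caveat that some of the names belong to Windows itself. The `ALSO_MICROSOFT` set is an editor's assumption (those three names are also shipped by Microsoft components), and the sample tree in `demo()` is constructed.

```python
import hashlib
import os
import tempfile

# File names copied from the list in the forwarded post.
LISTED = {
    "adimage.dll", "advert.dll", "advpack.dll", "amcis.dll", "amcis2.dll",
    "amcompat.tlb", "amstream.dll", "anadsc.ocx", "anadscb.ocx",
    "htmdeng.exe", "ipcclient.dll", "msipcsv.exe", "tfde.dll",
}
# Editor's assumption, not from the page: these names are also used by
# Microsoft components, so a name match alone proves nothing.
ALSO_MICROSOFT = {"advpack.dll", "amstream.dll", "amcompat.tlb"}


def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def scan(root):
    """Return one record per listed file name found under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            key = name.lower()  # Windows file names are case-insensitive
            if key not in LISTED:
                continue
            path = os.path.join(dirpath, name)
            hits.append({
                "path": path,
                "name": key,
                "size": os.path.getsize(path),
                "sha256": sha256_of(path),  # lets a later check compare against a known-good copy
                "verdict": "ambiguous" if key in ALSO_MICROSOFT else "listed",
            })
    return sorted(hits, key=lambda h: h["path"])


def demo():
    """Constructed sample tree, so the scan runs offline on any OS."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("system/ADVERT.DLL", "system/advpack.dll", "system/kernel32.dll"):
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(b"constructed sample")
        return [(h["name"], h["verdict"]) for h in scan(root)]
```

A hit marked `ambiguous` needs its path, size and hash compared with a clean copy of the operating system file before anything is deleted.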
-- THEOSOPHY WORLD -- Theosophical Talk -- theos-talk@theosophy.com
Letters to the Editor, and discussion of theosophical ideas and
teachings. To subscribe or unsubscribe, send a message consisting of
"subscribe" or "unsubscribe" to theos-talk-request@theosophy.com.