> -----Original Message----- > Sent: Monday, February 21, 2000 2:02 PM > Subject: [NET-LAWYERS] Aureate Spy > > > While I am not a Windows user, the following information has popped > up on the LawTech list and is of some interest to attorneys who wish > to not leave a paper trail out there on the Internet for commercial > use by others. > > According to Dale Haag, > > The following is a listing of all software known to install the > Aureate spy on your system. The Aureate spy keeps track of your > Internet activities and sends a report to Aureate every time you open > your browser. The Aureate spy places the following files on a Windows > machine. [It is not known, yet, to affect Macintosh or Linux > machines.] > > The installed files are some or all of: > > adimage.dll > advert.dll > advpack.dll > amcis.dll > amcis2.dll > amcompat.tlb > amstream.dll > anadsc.ocx > anadscb.ocx > htmdeng.exe > ipcclient.dll > msipcsv.exe > tfde.dll > > > ========== ========== ========== ========== > Dale said: > > OK folks, living up to my reputation as a "bulldog" when I get my > teeth into something, I have been busy "reviewing" the contents and > code contained in the DLL's that Aureate makes use of. Here are a > few of my findings up to this point: > > advert.dll > ======= > > This DLL creates a hidden window every time you open your browser. It > creates and sends 4 pages of information to the Aureate servers using > port 1749 on your system, these pages include: > > 1. Your name as listed in the system registry ( not the name you > installed one of the programs with ) > 2. Your IP address > 3. The reverse DNS match of your address. ( tells them what ISP and > area of country you are in ) > 4. A listing of ALL software that is shown in your registry as being > installed. ( Not just the companies they work with ) > 5. This DLL sends the following information to their server on all > URL's you visit: > A.) ad banners you may click on > B.) all downloads you do showing the filename/file > size/date/time/type of file(image, zip,executable, etc) > C.) full time and date stamps of all your actions while > using your > browser > D.) the remote dialup number you are dialing in on (taken out of > your dialer configuration) > E.) dialup password if saved, does not "appear" at first glance > to send this through to them. > 6. Contains programmers note: "Show me the money! I want to > be Mike!" > > > advpack.dll > ========= > > Used during the installation only to check for other needed files. > amcis.dll > ======= > > This DLL modifies the following registry keys: > 1. HKEY_CURRENT_CONFIG > 2. HKEY_DYN_DATA > 3. HKEY_PERFORMANCE_DATA > 4. HKEY_USERS > 5. HKEY_LOCAL_MACHINE > 6. HKEY_CURRENT_USER > 7. HKEY_CLASSES_ROOT > > Unregisterss oleaut32.dll from memory as provided by M$oft and > replaces with its own calls. Switches back to M$oft's when browser is > closed. Creates stub processes to be started anytime your browser is > opened. > > > amcompat.tlb > =========== > > This guy tracks any multimedia clips ( video/pictures/sound ) that > you view It tracks the rating level on the video/picture/sound and > title / location Contains references to DblClick ( still digging on > this one! ) > > > amstream.dll > ========== > > Setups TWO way communications between your system and theirs. > Used to send info and receive update commands/files > Open port 1749 for communications > > ================================================== > > The programs that are known to install the Aureate spy are: > > 123Search > 3d Anarchy > 3D-FTP > 3rd block > Abe's FTP Client > Abe's Image Viewer > Abe's MP3 Finder > Abe's Picture Finder > Abe's SMB Client > Access Diver III > Acorn Email > AcqURL > ActionOutline Light 1.6 > Active 'Net > Add URL > Add/Remove Plus! > Address Rover 98 > Admiral VirusScanner > Advanced Call Center > Advanced Maillist Verify > AdWizard > Alive and Kicking > alphaScape QuickPaste > ASP1-A3 > Auction Explorer > Aureate Group Mail > Aureate SpamKiller > AutoFTP PRO > AutoWeb > AxelCD > Beatle > Binary Boy > BinaryVortex > Blue Engine > BookSmith : Original > buddyPhone 2 > Calypso E-mail > CamGrab > Capture Express 2000 > Cascoly Screensaver > CDDB-Reader > CDMaster32 > ChanStat > Charity Banner > Cheat Machine > Check4New > ChinMail > Clabra clipboard viewer > Classic Peg Solitaire > ComTry Music Downloader > Crystal FTP > CSE HTML Validator Lite > CuteFTP 3.0 > CuteFTP 3.0 > CuteFTP/Tripod > CuteMX > CutePage > Danzig Pref Engine > DateTime > Delphi Component Test > Delphi Tester > Dialer 2000 > DigiBand NewsWatch > DigiCams - The WebCam Viewer > Digital Postman > DirectUpdate > DL-Mail Pro 2000 > DNScape > Doorbell 1.18 > Download Minder 1.5 > Download Wonder > DownLoader v.1.1 > Dwyco Video Conferencing > EasySeeker > EmmaSoft ChatCat > EmmaSoft dBrow > EmmaSoft KeepLan > EmmaSoft Soundz > EnvoyMail > EZ-Forms FREE > File Mag-Net > FileSplit > Folder Guard Jr. > FourTimes > Free Picture Harvester > Free Solitaire > Free Spades > Free Submitter Pro > FreeImageEditor > FreeIRC > FreeNotePad > FreeSite > FreeWebBrowser > FreeWebMail > FreeZip! > FTPEditor > GetRight > Go!Zilla > Go!Zilla WebAttack > GovernMail > Grafula > Gunther's PasswordSentry > HangWeb > hesci Private Label > HTML Translator > HTTP Proxy-Spy > Huey v1.8 Color Picker > Iban Technologies IP Tools 3.1 > Idyle GimmIP > Idyle GimmIP > iFind Graphics > imageN > Infinite Patience > InfoBlast > InnovaClub > InstallZIP > Internet Tree > Internetrix > InterWebWord Companion > JetCar > JFK Research > jIRC > JOC Email Checker > JOC Web Finder > JOC Web Spider > KVT Diplom > LapLink FTP > LineSoft Download > LOL Chat > LOL Chat > Mail Them > Meracl FontMap > Meracl ImageMap Generator > Midnight Oil Solitaire > MirNik Internet Finder > More Space 99 > MouseAssist > MP3 Album Finder > MP3 Fiend > MP3 Grouppie > MP3 Mag-Net > MP3 Renamer > Mp3 Stream Recorder > MP3INFO-Editor > MultiSender > Music Genie > MX Inspector BIG AD > My Genie Patriots > My Genie SE > My GetRight > NeatFTP > Net CB > Net Scan 2000 > Net Vampire > Net-A-Car Feature Car Screensaver > NetAnts > NetBoard > Netbus Pro 2.10 > NetCaptor 5.0 > Netman Downloader > NetNak > NetSuck 3.10.5 > NetTime Thingy > Network Assistant > NeuroStock > NewsBin > NewsShark > NewsWire > NfoNak > NotePads+ > Notificator 1.0b > Octopus > Pattern Book > People Seek 98 > Personal Search Agent > Photocopier > PicPluck > Pictures In News > Ping Thingy > PingMaster > Planet.Billboard > Planet.MP3Find > PMS > ProtectX 3 > ProxyChecker > QuadSucker/Web > Quadzle Puzzles > QuikLink Autobot > QuikLink Explorer > QuikLink Explorer Gold Edition > QuoteWatch > QWallet > Real Estate Web Site Creator > Recipe Review > ReGet 1.6 > Resume Detective > RingSurf > RoboCam 1.10 > Rosemary's Weird Web World > SaberQuest Page Burner > SBJV > SBWcc > Scout's Game > ScreenFIRE > ScreenFIRE - FileKing > ScreenFlavors > Sea Battle > Shizzam > Simple Submit > SimpleFind > SimpleSubmit v1.0 > SK-111 > Smart 'n Sticky > SmartBoard 200 FREE Edition > SmartSum calculator > SonicMail > Sound Agent > Space Central Screen Saver > Splash! Siterave > StartDrive > Static FTP > StockBrowser > Subscriber > SunEdit 2K > SuperIDE > Sweep > SweepsWinner > Text Transmogrifier > The Mapper > TheNet > TI-FindMail > TIFNY > Total Finger > Total Whois > Tracking The Eye > Trade Site Creator > TWinExplorer Standard > TypeWriter 1.0 > UK Phone Codes > Vagabond's Realm > VeriMP3 > Vertigo QSearch > Virtual Access > Visual Cyberadio > Visual Surfer > VOG Backgammon Main > VOG Backgammon Table > VOG Chess Main > VOG Chess Table > VOG Reversi Main > VOG Reversi Table > VOG Shell > VOG Shell > VOG Shell History > W3Filer > Web Coupon > Web Page Authoring Software > Web Registrant PRO > Web Resume > Web SurfACE > WEB2SMS > WebCamVCR > WebCopier > Web-N-Force > WebSaver > Website Manager > WebStripper > WebType > WhoIs Thingy > Win A Lotto > WinEdit 2000 > Word+ > Wordwright > WorldChat Client > Worm > www.devgames.com > xBlock > Your ESP Test > Zion > Zip Express 2000