... this is something you might want to forward on to your readers
The following is a listing of all software known to install the Aureate spy on your system. The Aureate spy keeps track of your Internet activities and sends a report to Aureate every time you open your browser. The Aureate spy places the following files on a Windows machine. [It is not known, yet, to affect Macintosh or Linux machines.]
The installed files are some or all of:
Here is a review of the contents and code contained in the DLL's that Aureate makes use of. Here are a few of my findings up to this point:
advert.dll: This DLL creates a hidden window every time you open your browser. It creates and sends 4 pages of information to the Aureate servers using port 1749 on your system. These pages include:
1. Your name as listed in the system registry ( not the name you installed one of the programs with )
2. Your IP address
3. The reverse DNS match of your address. ( tells them what ISP and area of country you are in )
4. A listing of ALL software that is shown in your registry as being installed. ( Not just the companies they work with )
5. This DLL sends the following information to their server on all URL's you visit:
A.) ad banners you may click on
B.) all downloads you do showing the filename/file size/date/time/type of file (image, zip, executable, etc.)
C.) full time and date stamps of all your actions while using your browser
D.) the remote dialup number you are dialing in on (taken out of your dialer configuration)
E.) dialup password if saved, does not "appear" at first glance to send this through to them.
6. Contains programmers note: "Show me the money! I want to be Mike!"
advpack.dll: Used during the installation only to check for other needed files.
amcis.dll: This DLL modifies the following registry keys:
Unregisters oleaut32.dll from memory as provided by M$oft and replaces with its own calls. Switches back to M$oft's when browser is closed. Creates stub processes to be started anytime your browser is opened.
amcompat.tlb: This guy tracks any multimedia clips ( video/pictures/sound ) that you view. It tracks the rating level on the video/picture/sound and title / location. Contains references to DblClick ( still digging on this one! )
amstream.dll: Sets up TWO way communications between your system and theirs. Used to send info and receive update commands/files. Opens port 1749 for communications.
A variety of false rumors have been started, and we would appreciate
your help in finding the source of these rumors so that we can clarify
what our technology actually does and put these to rest.
As you may already know, what Aureate Media does is work with software
companies to make their products advertising supported. Aureate's
technology allows for these advertisements to be delivered and
within the software products of these software products.
The following concerns are those that have been brought to our attention. If you have additional concerns, please do contact us directly.
Advert.dll creates a hidden window every time you open your browser
This is true, but this happens because of the way that Microsoft Windows networking works. You will find that in running almost any Windows program that hidden windows are created as this is how the OS was designed.
Advert.dll creates and sends 4 pages of information to Aureate on port 1749
We aren't sure exactly what is being referred to here. The first time someone installs software they are presented with an optional demographic survey (none of the information is required), and this information is sent to us one time (after the survey is completed). Prior to answering these questions, the user is presented with information explaining why we ask these questions and how the answers are used. The information sent is only the information provided. The use of port 1749 is misleading, as again this is something built into the way that Microsoft Windows networking works. Windows will pick a high numbered port (1500+) in a largely random fashion. Again, this is how the OS works.
Advert.dll will send your name to Aureate as it is listed in the system registry
Advert.dll will send your IP address to Aureate
Your IP address is sent, again because of the way that Microsoft Windows networking and TCP/IP protocol works. An IP address is obviously required in order to communicate with an internet server in any instance.
Advert.dll performs a reverse DNS lookup on your IP address
Here again, it is Microsoft Windows networking that does this as part of the OS networking system.
Advert.dll creates a process anytime your browser is open.
This is true. This process delivers advertisements to a cache on the user's PC which are displayed while the software is being run. This works in a similar way to how the browser works, with content and images (including ads) being delivered to a cache on the user's PC and then are displayed in the browser window.
Advert.dll sends a list of all software listed in your registry
Advert.dll sends a list of all URL's you click on/visit
Advert.dll sends a list of all ad banners you click on
Completely false. We will of course know when you click on an ad banner that we delivered such that we can send the user to that advertiser's web site in the same way that any ad network works.
Advert.dll will send all downloads you perform and related information
Advert.dll will send full time and date stamps of all your actions while you use your browser.
Advert.dll contains the string "Show me the money! I want to be Mike!"
This is true. It's a text string used by the DLL. DLLs contain many text strings which are used by the DLL itself. For example, if a particular program displayed a window which contained the text "Hello World", then the "Hello World" text string would be present inside that DLL.
Advpack.dll (and all comments relating to it)
Completely false. Advpack.dll is not one of our DLLs.
Amcis.dll modifies the following registry keys: (list of keys removed)
Amcis.dll will only add itself to the HKEY_CLASSES_ROOT registry key, as does any DLL installed on your system. It simply tells Windows where to find the DLLs your programs use.
Amcompat.tlb (and all comments relating to it)
Completely false. Amcompat.tlb is not one of our files.
Amstream.dll (and all comments relating to it)
Completely false. Amstream.dll is not one of our DLLs.
If you have any further questions, please don't hesitate to call or write.
Jeremy J. Newton, VP Sales
Aureate Media Corporation
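The disagreement over port 1749 in the two messages above comes down to what role the port plays: a listening port on the PC, the local source port of an outbound connection, or the port of the remote server. The following is an added example, not part of the original report or of Aureate's reply, that classifies a port's role in Windows `netstat -ano` style output; the sample lines, addresses and PIDs are constructed for illustration.

```python
# Constructed sample in `netstat -ano` layout (documentation-range addresses).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    192.0.2.10:135         198.51.100.7:2044      ESTABLISHED     888
  TCP    192.0.2.10:1749        203.0.113.5:80         ESTABLISHED     1234
  TCP    192.0.2.10:1750        203.0.113.9:1749       ESTABLISHED     1234
  UDP    0.0.0.0:500            *:*                                    456
"""


def port_of(endpoint):
    # "addr:port" or "[v6addr]:port": the port follows the last colon.
    return int(endpoint.rsplit(":", 1)[1])


def classify(netstat_text, port):
    """Return (role, pid, remote_endpoint) for every TCP row involving `port`."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":  # skips the header and UDP rows
            rows.append((port_of(f[1]), port_of(f[2]), f[2], f[3], f[4]))
    # A local port with a listener is a server port; without one, an
    # ESTABLISHED row using it locally is just an outbound source port.
    listeners = {lport for lport, _, _, state, _ in rows if state == "LISTENING"}
    findings = []
    for lport, rport, remote, state, pid in rows:
        if lport == port and state == "LISTENING":
            role = "listening"          # PC accepts inbound connections here
        elif lport == port:
            role = "inbound-accepted" if port in listeners else "outbound-source"
        elif rport == port:
            role = "remote-service"     # the server side uses this port
        else:
            continue
        findings.append((role, pid, remote))
    return findings


if __name__ == "__main__":
    for finding in classify(SAMPLE, 1749):
        print(finding)
```

An `outbound-source` result alone matches the reply's description of an OS-assigned port; a `listening` or `remote-service` result is what would need explaining, and the PID column identifies the owning process.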
Page was created on 02.06.2000,