Miroslav
Water Chip? Been There, Done That
I found this very interesting. comments?
The Aureate spy keeps track of your Internet
activities and sends a report to Aureate every time you open your
browser. The Aureate spy places the following files on a Windows
machine. [It is not known, yet, to affect Macintosh or Linux machines.]
The programs that are known to install the Aureate spy are:
123Search
3d Anarchy
3D-FTP
3rd block
Abe's FTP Client
Abe's Image Viewer
Abe's MP3 Finder
Abe's Picture Finder
Abe's SMB Client
Access Diver III
Acorn Email
AcqURL
ActionOutline Light 1.6
Active 'Net
Add URL
Add/Remove Plus!
Address Rover 98
Admiral VirusScanner
Advanced Call Center
Advanced Maillist Verify
AdWizard
Alive and Kicking
alphaScape QuickPaste
ASP1-A3
Auction Explorer
Aureate Group Mail
Aureate SpamKiller
AutoFTP PRO
AutoWeb
AxelCD
Beatle
Binary Boy
BinaryVortex
Blue Engine
BookSmith : Original
buddyPhone 2
Calypso E-mail
CamGrab
Capture Express 2000
Cascoly Screensaver
CDDB-Reader
CDMaster32
ChanStat
Charity Banner
Cheat Machine
Check4New
ChinMail
Clabra clipboard viewer
Classic Peg Solitaire
ComTry Music Downloader
Crystal FTP
CSE HTML Validator Lite
CuteFTP 3.0
CuteFTP 3.0
CuteFTP/Tripod
CuteMX
CutePage
Danzig Pref Engine
DateTime
Delphi Component Test
Delphi Tester
Dialer 2000
DigiBand NewsWatch
DigiCams - The WebCam Viewer
Digital Postman
DirectUpdate
DL-Mail Pro 2000
DNScape
Doorbell 1.18
Download Minder 1.5
Download Wonder
DownLoader v.1.1
Dwyco Video Conferencing
EasySeeker
EmmaSoft ChatCat
EmmaSoft dBrow
EmmaSoft KeepLan
EmmaSoft Soundz
EnvoyMail
EZ-Forms FREE
File Mag-Net
FileSplit
Folder Guard Jr.
FourTimes
Free Picture Harvester
Free Solitaire
Free Spades
Free Submitter Pro
FreeImageEditor
FreeIRC
FreeNotePad
FreeSite
FreeWebBrowser
FreeWebMail
FreeZip!
FTPEditor
GetRight
Go!Zilla
Go!Zilla WebAttack
GovernMail
Grafula
Gunther's PasswordSentry
HangWeb
hesci Private Label
HTML Translator
HTTP Proxy-Spy
Huey v1.8 Color Picker
Iban Technologies IP Tools 3.1
Idyle GimmIP
Idyle GimmIP
iFind Graphics
imageN
Infinite Patience
InfoBlast
InnovaClub
InstallZIP
Internet Tree
Internetrix
InterWebWord Companion
JetCar
JFK Research
jIRC
JOC Email Checker
JOC Web Finder
JOC Web Spider
KVT Diplom
LapLink FTP
LineSoft Download
LOL Chat
LOL Chat
Mail Them
Meracl FontMap
Meracl ImageMap Generator
Midnight Oil Solitaire
MirNik Internet Finder
More Space 99
MouseAssist
MP3 Album Finder
MP3 Fiend
MP3 Grouppie
MP3 Mag-Net
MP3 Renamer
Mp3 Stream Recorder
MP3INFO-Editor
MultiSender
Music Genie
MX Inspector BIG AD
My Genie Patriots
My Genie SE
My GetRight
NeatFTP
Net CB
Net Scan 2000
Net Vampire
Net-A-Car Feature Car Screensaver
NetAnts
NetBoard
Netbus Pro 2.10
NetCaptor 5.0
Netman Downloader
NetNak
NetSuck 3.10.5
NetTime Thingy
Network Assistant
NeuroStock
NewsBin
NewsShark
NewsWire
NfoNak
NotePads+
Notificator 1.0b
Octopus
Pattern Book
People Seek 98
Personal Search Agent
Photocopier
PicPluck
Pictures In News
Ping Thingy
PingMaster
Planet.Billboard
Planet.MP3Find
PMS
ProtectX 3
ProxyChecker
QuadSucker/Web
Quadzle Puzzles
QuikLink Autobot
QuikLink Explorer
QuikLink Explorer Gold Edition
QuoteWatch
QWallet
Real Estate Web Site Creator
Recipe Review
ReGet 1.6
Resume Detective
RingSurf
RoboCam 1.10
Rosemary's Weird Web World
SaberQuest Page Burner
SBJV
SBWcc
Scout's Game
ScreenFIRE
ScreenFIRE - FileKing
ScreenFlavors
Sea Battle
Shizzam
Simple Submit
SimpleFind
SimpleSubmit v1.0
SK-111
Smart 'n Sticky
SmartBoard 200 FREE Edition
SmartSum calculator
SonicMail
Sound Agent
Space Central Screen Saver
Splash! Siterave
StartDrive
Static FTP
StockBrowser
Subscriber
SunEdit 2K
SuperIDE
Sweep
SweepsWinner
Text Transmogrifier
The Mapper
TheNet
TI-FindMail
TIFNY
Total Finger
Total Whois
Tracking The Eye
Trade Site Creator
TWinExplorer Standard
TypeWriter 1.0
UK Phone Codes
Vagabond's Realm
VeriMP3
Vertigo QSearch
Virtual Access
Visual Cyberadio
Visual Surfer
VOG Backgammon Main
VOG Backgammon Table
VOG Chess Main
VOG Chess Table
VOG Reversi Main
VOG Reversi Table
VOG Shell
VOG Shell
VOG Shell History
W3Filer
Web Coupon
Web Page Authoring Software
Web Registrant PRO
Web Resume
Web SurfACE
WEB2SMS
WebCamVCR
WebCopier
Web-N-Force
WebSaver
Website Manager
WebStripper
WebType
WhoIs Thingy
Win A Lotto
WinEdit 2000
Word+
Wordwright
WorldChat Client
Worm
www.devgames.com
xBlock
Your ESP Test
Zion
Zip Express 2000
---
Zor, this is something you might want to forward on to your readers
somehow.
The following is a listing of all software known to install the Aureate
spy on your system. The Aureate spy keeps track of your Internet
activities and sends a report to Aureate every time you open your
browser. The Aureate spy places the following files on a Windows
machine. [It is not known, yet, to affect Macintosh or Linux machines.]
The installed files are some or all of:
adimage.dll
advert.dll
advpack.dll
amcis.dll
amcis2.dll
amcompat.tlb
amstream.dll
anadsc.ocx
anadscb.ocx
htmdeng.exe
ipcclient.dll
msipcsv.exe
tfde.dll
Here is a review of the contents and
code contained in the DLL's that Aureate makes use of. Here are a
few of my findings up to this point:
advert.dll
=======
This DLL creates a hidden window every time you open your browser. It
creates and sends 4 pages of information to the Aureate servers using
port 1749 on your system, these pages include:
1. Your name as listed in the system registry ( not the name you
installed one of the programs with )
2. Your IP address
3. The reverse DNS match of your address. ( tells them what ISP and
area of country you are in )
4. A listing of ALL software that is shown in your registry as being
installed. ( Not just the companies they work with )
5. This DLL sends the following information to their server on all
URL's you visit:
A.) ad banners you may click on
B.) all downloads you do showing the filename/file
size/date/time/type of file(image, zip,executable, etc)
C.) full time and date stamps of all your actions while
using your
browser
D.) the remote dialup number you are dialing in on (taken out of
your dialer configuration)
E.) dialup password if saved, does not "appear" at first glance
to send this through to them.
6. Contains programmers note: "Show me the money! I want to
be Mike!"
advpack.dll
=========
Used during the installation only to check for other needed files.
amcis.dll
=======
This DLL modifies the following registry keys:
1. HKEY_CURRENT_CONFIG
2. HKEY_DYN_DATA
3. HKEY_PERFORMANCE_DATA
4. HKEY_USERS
5. HKEY_LOCAL_MACHINE
6. HKEY_CURRENT_USER
7. HKEY_CLASSES_ROOT
Unregisterss oleaut32.dll from memory as provided by M$oft and
replaces with its own calls. Switches back to M$oft's when browser is
closed. Creates stub processes to be started anytime your browser is
opened.
amcompat.tlb
===========
This guy tracks any multimedia clips ( video/pictures/sound ) that
you view It tracks the rating level on the video/picture/sound and
title / location Contains references to DblClick ( still digging on
this one! )
amstream.dll
==========
Setups TWO way communications between your system and theirs.
Used to send info and receive update commands/files
Open port 1749 for communications
The Aureate spy keeps track of your Internet
activities and sends a report to Aureate every time you open your
browser. The Aureate spy places the following files on a Windows
machine. [It is not known, yet, to affect Macintosh or Linux machines.]
The programs that are known to install the Aureate spy are:
123Search
3d Anarchy
3D-FTP
3rd block
Abe's FTP Client
Abe's Image Viewer
Abe's MP3 Finder
Abe's Picture Finder
Abe's SMB Client
Access Diver III
Acorn Email
AcqURL
ActionOutline Light 1.6
Active 'Net
Add URL
Add/Remove Plus!
Address Rover 98
Admiral VirusScanner
Advanced Call Center
Advanced Maillist Verify
AdWizard
Alive and Kicking
alphaScape QuickPaste
ASP1-A3
Auction Explorer
Aureate Group Mail
Aureate SpamKiller
AutoFTP PRO
AutoWeb
AxelCD
Beatle
Binary Boy
BinaryVortex
Blue Engine
BookSmith : Original
buddyPhone 2
Calypso E-mail
CamGrab
Capture Express 2000
Cascoly Screensaver
CDDB-Reader
CDMaster32
ChanStat
Charity Banner
Cheat Machine
Check4New
ChinMail
Clabra clipboard viewer
Classic Peg Solitaire
ComTry Music Downloader
Crystal FTP
CSE HTML Validator Lite
CuteFTP 3.0
CuteFTP 3.0
CuteFTP/Tripod
CuteMX
CutePage
Danzig Pref Engine
DateTime
Delphi Component Test
Delphi Tester
Dialer 2000
DigiBand NewsWatch
DigiCams - The WebCam Viewer
Digital Postman
DirectUpdate
DL-Mail Pro 2000
DNScape
Doorbell 1.18
Download Minder 1.5
Download Wonder
DownLoader v.1.1
Dwyco Video Conferencing
EasySeeker
EmmaSoft ChatCat
EmmaSoft dBrow
EmmaSoft KeepLan
EmmaSoft Soundz
EnvoyMail
EZ-Forms FREE
File Mag-Net
FileSplit
Folder Guard Jr.
FourTimes
Free Picture Harvester
Free Solitaire
Free Spades
Free Submitter Pro
FreeImageEditor
FreeIRC
FreeNotePad
FreeSite
FreeWebBrowser
FreeWebMail
FreeZip!
FTPEditor
GetRight
Go!Zilla
Go!Zilla WebAttack
GovernMail
Grafula
Gunther's PasswordSentry
HangWeb
hesci Private Label
HTML Translator
HTTP Proxy-Spy
Huey v1.8 Color Picker
Iban Technologies IP Tools 3.1
Idyle GimmIP
Idyle GimmIP
iFind Graphics
imageN
Infinite Patience
InfoBlast
InnovaClub
InstallZIP
Internet Tree
Internetrix
InterWebWord Companion
JetCar
JFK Research
jIRC
JOC Email Checker
JOC Web Finder
JOC Web Spider
KVT Diplom
LapLink FTP
LineSoft Download
LOL Chat
LOL Chat
Mail Them
Meracl FontMap
Meracl ImageMap Generator
Midnight Oil Solitaire
MirNik Internet Finder
More Space 99
MouseAssist
MP3 Album Finder
MP3 Fiend
MP3 Grouppie
MP3 Mag-Net
MP3 Renamer
Mp3 Stream Recorder
MP3INFO-Editor
MultiSender
Music Genie
MX Inspector BIG AD
My Genie Patriots
My Genie SE
My GetRight
NeatFTP
Net CB
Net Scan 2000
Net Vampire
Net-A-Car Feature Car Screensaver
NetAnts
NetBoard
Netbus Pro 2.10
NetCaptor 5.0
Netman Downloader
NetNak
NetSuck 3.10.5
NetTime Thingy
Network Assistant
NeuroStock
NewsBin
NewsShark
NewsWire
NfoNak
NotePads+
Notificator 1.0b
Octopus
Pattern Book
People Seek 98
Personal Search Agent
Photocopier
PicPluck
Pictures In News
Ping Thingy
PingMaster
Planet.Billboard
Planet.MP3Find
PMS
ProtectX 3
ProxyChecker
QuadSucker/Web
Quadzle Puzzles
QuikLink Autobot
QuikLink Explorer
QuikLink Explorer Gold Edition
QuoteWatch
QWallet
Real Estate Web Site Creator
Recipe Review
ReGet 1.6
Resume Detective
RingSurf
RoboCam 1.10
Rosemary's Weird Web World
SaberQuest Page Burner
SBJV
SBWcc
Scout's Game
ScreenFIRE
ScreenFIRE - FileKing
ScreenFlavors
Sea Battle
Shizzam
Simple Submit
SimpleFind
SimpleSubmit v1.0
SK-111
Smart 'n Sticky
SmartBoard 200 FREE Edition
SmartSum calculator
SonicMail
Sound Agent
Space Central Screen Saver
Splash! Siterave
StartDrive
Static FTP
StockBrowser
Subscriber
SunEdit 2K
SuperIDE
Sweep
SweepsWinner
Text Transmogrifier
The Mapper
TheNet
TI-FindMail
TIFNY
Total Finger
Total Whois
Tracking The Eye
Trade Site Creator
TWinExplorer Standard
TypeWriter 1.0
UK Phone Codes
Vagabond's Realm
VeriMP3
Vertigo QSearch
Virtual Access
Visual Cyberadio
Visual Surfer
VOG Backgammon Main
VOG Backgammon Table
VOG Chess Main
VOG Chess Table
VOG Reversi Main
VOG Reversi Table
VOG Shell
VOG Shell
VOG Shell History
W3Filer
Web Coupon
Web Page Authoring Software
Web Registrant PRO
Web Resume
Web SurfACE
WEB2SMS
WebCamVCR
WebCopier
Web-N-Force
WebSaver
Website Manager
WebStripper
WebType
WhoIs Thingy
Win A Lotto
WinEdit 2000
Word+
Wordwright
WorldChat Client
Worm
www.devgames.com
xBlock
Your ESP Test
Zion
Zip Express 2000
---
Zor, this is something you might want to forward on to your readers
somehow.
The following is a listing of all software known to install the Aureate
spy on your system. The Aureate spy keeps track of your Internet
activities and sends a report to Aureate every time you open your
browser. The Aureate spy places the following files on a Windows
machine. [It is not known, yet, to affect Macintosh or Linux machines.]
The installed files are some or all of:
adimage.dll
advert.dll
advpack.dll
amcis.dll
amcis2.dll
amcompat.tlb
amstream.dll
anadsc.ocx
anadscb.ocx
htmdeng.exe
ipcclient.dll
msipcsv.exe
tfde.dll
Here is a review of the contents and
code contained in the DLL's that Aureate makes use of. Here are a
few of my findings up to this point:
advert.dll
=======
This DLL creates a hidden window every time you open your browser. It
creates and sends 4 pages of information to the Aureate servers using
port 1749 on your system, these pages include:
1. Your name as listed in the system registry ( not the name you
installed one of the programs with )
2. Your IP address
3. The reverse DNS match of your address. ( tells them what ISP and
area of country you are in )
4. A listing of ALL software that is shown in your registry as being
installed. ( Not just the companies they work with )
5. This DLL sends the following information to their server on all
URL's you visit:
A.) ad banners you may click on
B.) all downloads you do showing the filename/file
size/date/time/type of file(image, zip,executable, etc)
C.) full time and date stamps of all your actions while
using your
browser
D.) the remote dialup number you are dialing in on (taken out of
your dialer configuration)
E.) dialup password if saved, does not "appear" at first glance
to send this through to them.
6. Contains programmers note: "Show me the money! I want to
be Mike!"
advpack.dll
=========
Used during the installation only to check for other needed files.
amcis.dll
=======
This DLL modifies the following registry keys:
1. HKEY_CURRENT_CONFIG
2. HKEY_DYN_DATA
3. HKEY_PERFORMANCE_DATA
4. HKEY_USERS
5. HKEY_LOCAL_MACHINE
6. HKEY_CURRENT_USER
7. HKEY_CLASSES_ROOT
Unregisterss oleaut32.dll from memory as provided by M$oft and
replaces with its own calls. Switches back to M$oft's when browser is
closed. Creates stub processes to be started anytime your browser is
opened.
amcompat.tlb
===========
This guy tracks any multimedia clips ( video/pictures/sound ) that
you view It tracks the rating level on the video/picture/sound and
title / location Contains references to DblClick ( still digging on
this one! )
amstream.dll
==========
Setups TWO way communications between your system and theirs.
Used to send info and receive update commands/files
Open port 1749 for communications
