Dear All,
NOTE: Read this *mail* ONLY if you are interested in protecting your
PC from someone spying. A serial allegation has been made against the
Aureate Medial Library Files in doing so and some common programs that
we use has been found using these library files. This mail is 616
lines long, so it's upto you. Mac and Unix users are Safe.
--------------
As one of the serious NET watcher says "Demographic information and
computer/internet usage is worth a lot of cash. I certainly don't
expect Aureate or Microsoft or anyone else to be honest about what
they are doing."
Aureate Media is a company which provides components (DLL/OCX) for
Advertising on Software. These DLL's (Dynamic Link Libraries) has now
been proved to *spying* your computers and passing some of the vital
information to the servers in Aureate. They have addressed this
allegation on their home page under "Privacy Hoax, Aureate addressees
false privacy rumors" (http://www.aureate.com). Though the Vice
President of the company denied the allegation (Note 2), the answers
from him are not satisfactory to this regard (Note 3).
Thanks to one of the *talented* programmers on the net who has taken
time to release a program that identifies and removes these *spy* files
from your system. Since the program can be freely distributed, I do not
take any responsibly of using this spy remover program. I personally
used it on my system to find 5 of the listed files and it completely
removed them from my system along with the registry entries. Later, few
of the original files have been replaced with versions that originally
don't belong to the OS for which you will need the *original* copy of
your operating system (Win 95 / 98 / NT / 2000). I can distribute this
spy remover *only* to this list users and please mail me back if you
would like to have it.
Please read the Note 1 (line number 53) for the allegation report which
clearly mentions about the dangers posed by these files installed on
your system. This note also lists some of the software's known to be
using these files as part of the installation system. The Vice
Presidents denial to this report has been put on the Note 2 (line
435). I did follow the discussions later on this particular issue and
copied the last part of the discussion as Note 3 (line 555).
Please do not forget to read the Note 3. The source of these reports
cannot be disclosed due to various reasons.
Best Regards,
Ganesh.
Asian Center for Research on Remote Sensing
http://www.acrors.ait.ac.th
Note 1: The Allegation Report:
------------------------------
The following is a listing of all software known to install the Aureate
spy on your system. The Aureate spy keeps track of your Internet
activities and sends a report to Aureate every time you open your
browser. The Aureate spy places the following files on a Windows
machine. [It is not known, yet, to affect Macintosh or Linux machines.]
The installed files are some or all of:
adimage.dll
advert.dll
advpack.dll
amcis.dll
amcis2.dll
amcompat.tlb
amstream.dll
anadsc.ocx
anadscb.ocx
htmdeng.exe
ipcclient.dll
msipcsv.exe
tfde.dll
Here is a review of the contents and
code contained in the DLL's that Aureate makes use of. Here are a
few of my findings up to this point:
advert.dll
==========
This DLL creates a hidden window every time you open your browser. It
creates and sends 4 pages of information to the Aureate servers using
port 1749 on your system, these pages include:
1. Your name as listed in the system registry ( not the name you
installed one of the programs with )
2. Your IP address
3. The reverse DNS match of your address. ( tells them what ISP and
area of country you are in )
4. A listing of ALL software that is shown in your registry as being
installed. ( Not just the companies they work with )
5. This DLL sends the following information to their server on all
URL's you visit:
A.) ad banners you may click on
B.) all downloads you do showing the filename/file
size/date/time/type of file(image, zip,executable, etc)
C.) full time and date stamps of all your actions while
using your
browser
D.) the remote dialup number you are dialing in on (taken out of
your dialer configuration)
E.) dialup password if saved, does not "appear" at first glance
to send this through to them.
6. Contains programmers note: "Show me the money! I want to
be Mike!"
advpack.dll
===========
Used during the installation only to check for other needed files.
amcis.dll
=========
This DLL modifies the following registry keys:
1. HKEY_CURRENT_CONFIG
2. HKEY_DYN_DATA
3. HKEY_PERFORMANCE_DATA
4. HKEY_USERS
5. HKEY_LOCAL_MACHINE
6. HKEY_CURRENT_USER
7. HKEY_CLASSES_ROOT
Unregisterss oleaut32.dll from memory as provided by M$oft and
replaces with its own calls. Switches back to M$oft's when browser is
closed. Creates stub processes to be started anytime your browser is
opened.
amcompat.tlb
============
This guy tracks any multimedia clips ( video/pictures/sound ) that
you view It tracks the rating level on the video/picture/sound and
title / location Contains references to DblClick ( still digging on
this one! )
amstream.dll
==========
Setups TWO way communications between your system and theirs.
Used to send info and receive update commands/files
Open port 1749 for communications
==================================================
The programs that are known to install the Aureate spy are:
123Search
3d Anarchy
3D-FTP
3rd block
Abe's FTP Client
Abe's Image Viewer
Abe's MP3 Finder
Abe's Picture Finder
Abe's SMB Client
Access Diver III
Acorn Email
AcqURL
ActionOutline Light 1.6
Active 'Net
Add URL
Add/Remove Plus!
Address Rover 98
Admiral VirusScanner
Advanced Call Center
Advanced Maillist Verify
AdWizard
Alive and Kicking
alphaScape QuickPaste
ASP1-A3
Auction Explorer
Aureate Group Mail
Aureate SpamKiller
AutoFTP PRO
AutoWeb
AxelCD
Beatle
Binary Boy
BinaryVortex
Blue Engine
BookSmith : Original
buddyPhone 2
Calypso E-mail
CamGrab
Capture Express 2000
Cascoly Screensaver
CDDB-Reader
CDMaster32
ChanStat
Charity Banner
Cheat Machine
Check4New
ChinMail
Clabra clipboard viewer
Classic Peg Solitaire
ComTry Music Downloader
Crystal FTP
CSE HTML Validator Lite
CuteFTP 3.0
CuteFTP 3.0
CuteFTP/Tripod
CuteMX
CutePage
Danzig Pref Engine
DateTime
Delphi Component Test
Delphi Tester
Dialer 2000
DigiBand NewsWatch
DigiCams - The WebCam Viewer
Digital Postman
DirectUpdate
DL-Mail Pro 2000
DNScape
Doorbell 1.18
Download Minder 1.5
Download Wonder
DownLoader v.1.1
Dwyco Video Conferencing
EasySeeker
EmmaSoft ChatCat
EmmaSoft dBrow
EmmaSoft KeepLan
EmmaSoft Soundz
EnvoyMail
EZ-Forms FREE
File Mag-Net
FileSplit
Folder Guard Jr.
FourTimes
Free Picture Harvester
Free Solitaire
Free Spades
Free Submitter Pro
FreeImageEditor
FreeIRC
FreeNotePad
FreeSite
FreeWebBrowser
FreeWebMail
FreeZip!
FTPEditor
GetRight
Go!Zilla
Go!Zilla WebAttack
GovernMail
Grafula
Gunther's PasswordSentry
HangWeb
hesci Private Label
HTML Translator
HTTP Proxy-Spy
Huey v1.8 Color Picker
Iban Technologies IP Tools 3.1
Idyle GimmIP
Idyle GimmIP
iFind Graphics
imageN
Infinite Patience
InfoBlast
InnovaClub
InstallZIP
Internet Tree
Internetrix
InterWebWord Companion
JetCar
JFK Research
jIRC
JOC Email Checker
JOC Web Finder
JOC Web Spider
KVT Diplom
LapLink FTP
LineSoft Download
LOL Chat
LOL Chat
Mail Them
Meracl FontMap
Meracl ImageMap Generator
Midnight Oil Solitaire
MirNik Internet Finder
More Space 99
MouseAssist
MP3 Album Finder
MP3 Fiend
MP3 Grouppie
MP3 Mag-Net
MP3 Renamer
Mp3 Stream Recorder
MP3INFO-Editor
MultiSender
Music Genie
MX Inspector BIG AD
My Genie Patriots
My Genie SE
My GetRight
NeatFTP
Net CB
Net Scan 2000
Net Vampire
Net-A-Car Feature Car Screensaver
NetAnts
NetBoard
Netbus Pro 2.10
NetCaptor 5.0
Netman Downloader
NetNak
NetSuck 3.10.5
NetTime Thingy
Network Assistant
NeuroStock
NewsBin
NewsShark
NewsWire
NfoNak
NotePads+
Notificator 1.0b
Octopus
Pattern Book
People Seek 98
Personal Search Agent
Photocopier
PicPluck
Pictures In News
Ping Thingy
PingMaster
Planet.Billboard
Planet.MP3Find
PMS
ProtectX 3
ProxyChecker
QuadSucker/Web
Quadzle Puzzles
QuikLink Autobot
QuikLink Explorer
QuikLink Explorer Gold Edition
QuoteWatch
QWallet
Real Estate Web Site Creator
Recipe Review
ReGet 1.6
Resume Detective
RingSurf
RoboCam 1.10
Rosemary's Weird Web World
SaberQuest Page Burner
SBJV
SBWcc
Scout's Game
ScreenFIRE
ScreenFIRE - FileKing
ScreenFlavors
Sea Battle
Shizzam
Simple Submit
SimpleFind
SimpleSubmit v1.0
SK-111
Smart 'n Sticky
SmartBoard 200 FREE Edition
SmartSum calculator
SonicMail
Sound Agent
Space Central Screen Saver
Splash! Siterave
StartDrive
Static FTP
StockBrowser
Subscriber
SunEdit 2K
SuperIDE
Sweep
SweepsWinner
Text Transmogrifier
The Mapper
TheNet
TI-FindMail
TIFNY
Total Finger
Total Whois
Tracking The Eye
Trade Site Creator
TWinExplorer Standard
TypeWriter 1.0
UK Phone Codes
Vagabond's Realm
VeriMP3
Vertigo QSearch
Virtual Access
Visual Cyberadio
Visual Surfer
VOG Backgammon Main
VOG Backgammon Table
VOG Chess Main
VOG Chess Table
VOG Reversi Main
VOG Reversi Table
VOG Shell
VOG Shell
VOG Shell History
W3Filer
Web Coupon
Web Page Authoring Software
Web Registrant PRO
Web Resume
Web SurfACE
WEB2SMS
WebCamVCR
WebCopier
Web-N-Force
WebSaver
Website Manager
WebStripper
WebType
WhoIs Thingy
Win A Lotto
WinEdit 2000
Word+
Wordwright
WorldChat Client
Worm
www.devgames.com
xBlock
Your ESP Test
Zion
Zip Express 2000
Note 2: The Denial Note from the Aureate Media Vice President:
--------------------------------------------------------
A variety of false rumors have been started, and we would appreciate
your help in finding the source of these rumors so that we can clarify
what our technology actually does and put these to rest.
As you may already know, what Aureate Media does is work with software
companies to make their products advertising supported. Aureate's
technology allows for these advertisements to be delivered and displayed
within the software products of these software products.
The following concerns are those that have been brought to our
attention. If you have additional
concerns, please do contact us directly.
Advert.dll creates a hidden window every time you open your browser
This is true, but this happens because of the way that Microsoft Windows
networking works. You will find that in running almost any windows
program that hidden windows are created as this is how the OS was
designed.
Advert.dll creates and sends 4 pages of information to Aureate on port
1749
We aren't sure exactly what is being referred to here. The first time
someone installs software they are presented with an optional
demographic survey (none of the information is required), and this
information is sent to us one time (after the survey is completed).
Prior to answering these questions, the user is presented with
information explaining why we ask these questions and how the answers
are used. The information sent is only the information provided.
The use of port 1749 is misleading, as again this is something built
into the way that Microsoft
Windows networking works. Windows will pick a high numbered port (1500+)
in a largely random fashion. Again, this is how the OS works.
Advert.dll will send your name to Aureate as it is listed in the system
registry
Completely false.
Advert.dll will send your IP address to Aureate Your IP address is sent,
again because of the way that Microsoft Windows networking and TCP/IP
protocol works. An IP address is
obviously required in order to communicate with an internet server in
any instance.
Advert.dll performs a reverse DNS lookup on your IP address
Here again, it is Microsoft Windows networking that does this as part
of the OS networking system.
Advert.dll creates a process anytime your browser is open.
This is true. This process delivers advertisements to a cache on the
users PC which are displayed while the software is being run. This works
in a similar way to how the browser works, with content and images
(including ads) being delivered to a cache on the users PC and then are
displayed in the browser window.
Advert.dll sends a list of all software listed in your registry
Completely false.
Advert.dll sends a list of all URL's you click on/visit
Completely false.
Advert.dll sends a list of all ad banners you click on
Completely false. We will of course know when you click on an ad banner
that we delivered such that we can send the user to that advertisers web
site in the same way that any ad network works.
Advert.dll will send all downloads you perform and related information
Completely false.
Advert.dll will send full time and date stamps of all your actions while
you use your browser.
Completely false.
Advert.dll contains the string "Show me the money! I want to be Mike!"
This is true. It's a text string used by the DLL. DLLs contain many text
strings which are used by the DLL itself. For example, if a particular
program displayed a window which contained the text "Hello World", then
the "Hello World" text string would be present inside that DLL.
Advpack.dll (and all comments relating to it)
Completely false. Advpack.dll is not one of our DLLs.
Amcis.dll modifies the following registry keys: (list of keys removed)
Amcis.dll will only add itself to the HKEY_CLASSES_ROOT registry key, as
does any DLL installed on your system. It simply tells Windows where to
find the DLLs your programs use.
Amcompat.tlb (and all comments relating to it)
Completely false. Amcompat.tlb is not one of our files.
Amstream.dll (and all comments relating to it)
Completely false. Amstream.dll is not one of our DLLs.
If you have any further questions, please don't hesitate to call or
write.
Thanks,
Jeremy
----
Jeremy J. Newton, VP Sales
Aureate Media Corporation
http://www.aureate.com
Note 3: Discussion on the net about the Aurate Spy and Solution:
----------------------------------------------------------------
Some comments first of all about the Aureate topic that we've been
discussing over the last few days. We've got the official word from
Aureate, and seems like they have no intention of changing the way
things are. So if that's the way it's going to stay, I guess the most
important thing is how to remove this damn advert.dll that's causing
the problems. For me at least, the privacy issues almost take
secondary place to the fact that I'd like to be able to browse the net
without Netscape crashing every 20 minutes or so.
I'm lucky in that advert.dll seems to have stayed off once I've
removed it. A reader warned today though that he doesn't think you can
get rid of the trouble by just removing advert.dll and the other
files. He said he found ten references to just one of them in the Win
98 registry. He suggested removing the dll and then using Fix-It
Utilities 99 to remove all references to the program. He says that
after removing the references found in the first go, Fix-It suggests
you hit "Back" and see if removal of those references allows further
removals (like type libraries now empty due to the first go).
Another reader went straight to Aureate, telling them that he had
deleted the only free program (GO!ZILLA) from his pc, but it did not
remove all of Aureate's ad delivery files. The beleaguered Jeremy J.
Newton, VP Sales of Aureate, wrote back saying "If you are no longer
using the software, you can delete "amcis.dll" and "advert.dll" and
the connections should stop.
You can also delete the following registry keys:
HKEY_CLASSES_ROOT\Software\Aureate\
You may also delete the following directories:
amc
amcdl
Please keep in mind that if you have other programs on your machine
that use our technology, they may cease to function without these
files and registry keys."
Which leads me to ask "what if we are NOT using any programs that use
Aureate technology?? Would we just continue having advert.dll crash
our browser and never know exactly what was going on? But looks like
we've got a solution! Once again, that top programmer Cokebottle has
come to the rescue. Earlier today he made the 'AntiAureateSpy
Remover', a program that finds and removes the SPY Files from your PC.
As Cokebottle told me, "It'll rattle ya floppy drive for a while then
go on and list all the spy files. Then you click remove and they're
gone and ya PC will be better off and EVERYTHING still RUNS 100%"
Antispy found about four of those little things on my system and
removed them. Not sure how it all works, but I assume it removes them
from the registry and they're gone for good. Great work from
Cokebottle, the first person to do something about this very serious
practice from Aureate. I'm sure all readers will join me in saying a
big thanks to Cokebottle for this!
We might let another reader have the final say on this subject:
"Demographic information and computer/internet usage is worth a lot
of cash. I certainly don't expect Aureate or Microsoft or anyone else
to be honest about what they are doing."
=========================================================================
----------------------------------------------------------------------
To unsubscribe from this list, send e-mail to [EMAIL PROTECTED] and put
"unsubscribe MAPINFO-L" in the message body, or contact [EMAIL PROTECTED]