A message appeared on an Internet forum in March 2000 which
accused Aureate.com of spying on computer users that have Aureate
F-Secure and other companies have been unable to confirm these
rumours to be true or false. The company behind Aureate, called
Radiate, has denied all such allegations.
F-Secure Anti-Virus doesn't detect Aureate, TimSink and other
Here's the original message that was forwarded
to the forum by another person:
It seems that a company named aureate.com has been secretly
collecting data off everyone who uses applications that
incorporate their banner ad software. Look at the below e-mail
for details. Also it's true last night the friend that sent me
this ran netstat -a to monitor his ports and sure enough while
running gozilla and downloading something through it.
The following is a listing of all software known to install the
Aureate spy on your system. The Aureate spy keeps track of your
Internet activities and sends a report to Aureate every time you
open your browser. The Aureate spy places the following files on
a Windows machine. [It is not known, yet, to affect Macintosh or
The installed files are some or all of:
========== ========== ========== ==========
OK folks, living up to my reputation as a 'bulldog' when I get
my teeth into something, I have been busy 'reviewing' the
contents and code contained in the DLL's that Aureate makes use
of. Here are a few of my findings up to this point:
This DLL creates a hidden window every time you open your
browser. It creates and sends 4 pages of information to the
Aureate servers using port 1749 on your system, these pages
1. Your name as listed in the system registry ( not the name you
installed one of the programs with )
2. Your IP address
3. The reverse DNS match of your address. ( tells them what ISP
and area of country you are in )
4. A listing of ALL software that is shown in your registry as
being installed. ( Not just the companies they work with )
5. This DLL sends the following information to their server on
all URL's you visit:
A.) ad banners you may click on
B.) all downloads you do showing the filename/file
size/date/time/type of file(image, zip,executable, etc)
C.) full time and date stamps of all your actions while using
D.) the remote dialup number you are dialing in on (taken out
of your dialer configuration)
E.) dialup password if saved, does not "appear" at first
glance to send this through to them.
6. Contains programmers note: "Show me the money! I want to be Mike!"
Used during the installation only to check for other needed
This DLL modifies the following registry keys:
Unregisters oleaut32.dll from memory as provided by M$oft and
replaces with its own calls. Switches back to M$oft's when
browser is closed. Creates stub processes to be started anytime
your browser is opened.
This guy tracks any multimedia clips ( video/pictures/sound )
that you view. It tracks the rating level on the
video/picture/sound and title / location. Contains references to
DblClick ( still digging on this one! )
Sets up TWO way communications between your system and theirs.
Used to send info and receive update commands/files. Open port
1749 for communications
The programs that are known to install the Aureate spy are:
Abe's FTP Client
Abe's Image Viewer
Abe's MP3 Finder
Abe's Picture Finder
Abe's SMB Client
Access Diver III
ActionOutline Light 1.6
Address Rover 98
Advanced Call Center
Advanced Maillist Verify
Alive and Kicking
Aureate Group Mail
BookSmith : Original
Capture Express 2000
Clabra clipboard viewer
Classic Peg Solitaire
ComTry Music Downloader
CSE HTML Validator Lite
Danzig Pref Engine
Delphi Component Test
DigiCams - The WebCam Viewer
DL-Mail Pro 2000
Download Minder 1.5
Dwyco Video Conferencing
Folder Guard Jr.
Free Picture Harvester
Free Submitter Pro
hesci Private Label
Huey v1.8 Color Picker
Iban Technologies IP Tools 3.1
JOC Email Checker
JOC Web Finder
JOC Web Spider
Meracl ImageMap Generator
Midnight Oil Solitaire
MirNik Internet Finder
More Space 99
MP3 Album Finder
Mp3 Stream Recorder
MX Inspector BIG AD
My Genie Patriots
My Genie SE
Net Scan 2000
Net-A-Car Feature Car Screensaver
Netbus Pro 2.10
People Seek 98
Personal Search Agent
Pictures In News
QuikLink Explorer Gold Edition
Real Estate Web Site Creator
Rosemary's Weird Web World
SaberQuest Page Burner
ScreenFIRE - FileKing
Smart 'n Sticky
SmartBoard 200 FREE Edition
Space Central Screen Saver
Tracking The Eye
Trade Site Creator
UK Phone Codes
VOG Backgammon Main
VOG Backgammon Table
VOG Chess Main
VOG Chess Table
VOG Reversi Main
VOG Reversi Table
VOG Shell History
Web Page Authoring Software
Web Registrant PRO
Win A Lotto
Your ESP Test
Zip Express 2000
Here is Aureate's answer to the published allegations:
A variety of false rumors have been started, and we would
appreciate your help in finding the source of these rumors so
that we can clarify what our technology actually does and put
these to rest.
As you may already know, what Aureate Media does is work with
software companies to make their products advertising supported.
Aureate's technology allows for these advertisements to be
delivered and displayed within the software products of these
The following concerns are those that have been brought to our
attention. If you have additional concerns, please do contact
Advert.dll creates a hidden window every time you open your
This is true, but this happens because of the way that Microsoft
Windows networking works. You will find that in running almost
any Windows program that hidden windows are created as this is
how the OS was designed.
Advert.dll creates and sends 4 pages of information to Aureate
on port 1749
We aren't sure exactly what is being referred to here. The
first time someone installs software they are presented with an
optional demographic survey (none of the information is
required), and this information is sent to us one time (after
the survey is completed). Prior to answering these questions,
the user is presented with information explaining why we ask
these questions and how the answers are used. The information
sent is only the information provided.
The use of port 1749 is misleading, as again this is something
built into the way that Microsoft Windows networking works.
Windows will pick a high numbered port (1500+) in a largely
random fashion. Again, this is how the OS works.
Advert.dll will send your name to Aureate as it is listed in
the system registry
Advert.dll will send your IP address to Aureate
Your IP address is sent, again because of the way that Microsoft
Windows networking and TCP/IP protocol works. An IP address is
obviously required in order to communicate with an internet
server in any instance.
Advert.dll performs a reverse DNS lookup on your IP address
Here again, it is Microsoft Windows networking that does this as
part of the OS networking system.
Advert.dll creates a process anytime your browser is open.
This is true. This process delivers advertisements to a cache
on the user's PC which are displayed while the software is being
run. This works in a similar way to how the browser works, with
content and images (including ads) being delivered to a cache on
the user's PC and then are displayed in the browser window.
Advert.dll sends a list of all software listed in your
Advert.dll sends a list of all URL's you click on/visit
Advert.dll sends a list of all ad banners you click on
Completely false. We will of course know when you click on an
ad banner that we delivered such that we can send the user to
that advertiser's web site in the same way that any ad network
Advert.dll will send all downloads you perform and related
Advert.dll will send full time and date stamps of all your
actions while you use your browser.
Advert.dll contains the string "Show me the money! I want to
This is true. It's a text string used by the DLL. DLLs contain
many text strings which are used by the DLL itself. For
example, if a particular program displayed a window which
contained the text "Hello World", then the "Hello World" text
string would be present inside that DLL.
Advpack.dll (and all comments relating to it)
Completely false. Advpack.dll is not one of our DLLs.
Amcis.dll modifies the following registry keys: (list of keys
Amcis.dll will only add itself to the HKEY_CLASSES_ROOT registry
key, as does any DLL installed on your system. It simply tells
Windows where to find the DLLs your programs use.
Amcompat.tlb (and all comments relating to it)
Completely false. Amcompat.tlb is not one of our files.
Amstream.dll (and all comments relating to it)
Completely false. Amstream.dll is not one of our DLLs.
We performed our own investigation and we cannot confirm these
rumours to be true or false. Aureate components cause some extra
Internet traffic when you browse the Net. Data packets 60-100 bytes
long are periodically sent to several websites, including Aureate
and its business partners.
We have found no indication that any confidential details of the user
or any data is sent out with those packets, and so we cannot give a
conclusive statement whether Aureate is a privacy threat or not.
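The disagreement above over port 1749 comes down to whether it is a listening port or only the local source port of an outbound connection. The sketch below is an added example, not part of the original description or of either quoted message. It parses constructed netstat -an style output to separate the two cases and group outbound traffic by remote endpoint. The sample rows, the documentation-range addresses and the 1024 port threshold are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of Windows `netstat -an` output.
# Addresses are documentation ranges; none of these rows come from the page.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1749        198.51.100.7:80        ESTABLISHED
  TCP    192.0.2.10:1750        198.51.100.7:80        ESTABLISHED
  TCP    192.0.2.10:1752        203.0.113.20:80        TIME_WAIT
  TCP    192.0.2.10:139         192.0.2.44:1033        ESTABLISHED
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def parse(text):
    """Yield (local_port, remote_ip, remote_port, state) for each TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            _local_ip, lport, rip, rport, state = m.groups()
            yield int(lport), rip, int(rport), state

def listening_ports(text):
    """Ports on which this host accepts inbound connections."""
    return sorted(lp for lp, _, _, st in parse(text) if st == "LISTENING")

def outbound_by_remote(text, floor=1024):
    """Group outbound connections by remote endpoint.

    Heuristic (an assumption of this example): a row is outbound when the
    local port is at or above `floor` and the remote port is below it.
    The local ports collected here are OS-assigned source ports.
    """
    out = defaultdict(list)
    for lport, rip, rport, state in parse(text):
        if state != "LISTENING" and lport >= floor > rport:
            out[(rip, rport)].append(lport)
    return dict(out)

if __name__ == "__main__":
    print("listening:", listening_ports(SAMPLE))
    for remote, local_ports in outbound_by_remote(SAMPLE).items():
        print("outbound to", remote, "from local ports", local_ports)
```

In the sample, local port 1749 appears only as the source side of a connection to remote port 80 and never in a LISTENING row, so the remote endpoint is what identifies the traffic.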
To use Aureate or not to use? F-Secure Corporation cannot make this
decision for you.
There is no fate but what we make for ourselves.
[F-Secure Corp., 2000]