Aureate 'Spying' case
A message appeared to one Internet forum in March, 2000, which accused Aureate.com of spying computer users that have Aureate components installed.
F-Secure and other companies have been unable to confirm these rumours to be true or false. The company behind Aureate, called Radiate, has denied all such allegations.
F-Secure Anti-Virus doesn't detect Aureate, TimSink and other 'adware'.
Here's the original message that was forwarded to the forum by another person:
It seems that a company named aureate.com has been secretly collecting data off everyone who uses applications that incorprate their banner ad software. Look at the below e-mail for details. Also its true last night the freind that sent me this ran netstat -a to monitor his ports and sure enough while running gozilla and downloaading something through it. The following is a listing of all software known to install the Aureate spy on your system. The Aureate spy keeps track of your Internet activities and sends a report to Aureate every time you open your browser. The Aureate spy places the following files on a Windows machine. [It is not known, yet, to affect Macintosh or Linux machines.] The installed files are some or all of: adimage.dll advert.dll advpack.dll amcis.dll amcis2.dll amcompat.tlb amstream.dll anadsc.ocx anadscb.ocx htmdeng.exe ipcclient.dll msipcsv.exe tfde.dll ========== ========== ========== ========== Dale said: OK folks, living up to my reputation as a 'bulldog' when I get my teeth into something, I have been busy 'reviewing' the contents and code contained in the DLL's that Aureate makes use of. Here are a few of my findings up to this point: advert.dll ======= This DLL creates a hidden window every time you open your browser. It creates and sends 4 pages of information to the Aureate servers using port 1749 on your system, these pages include: 1. Your name as listed in the system registry ( not the name you installed one of the programs with ) 2. Your IP address 3. The reverse DNS match of your address. ( tells them what ISP and area of country you are in ) 4. A listing of ALL software that is shown in your registry as being installed. ( Not just the companies they work with ) 5. This DLL sends the following information to their server on all URL's you visit: A.) ad banners you may click on B.) all downloads you do showing the filename/file size/date/time/type of file(image, zip,executable, etc) C.) full time and date stamps of all your actions while using your browser D.) the remote dialup number you are dialing in on (taken out of your dialer configuration) E.) dialup password if saved, does not "appear" at first glance to send this through to them. 6. Contains programmers note: "Show me the money! I want to be Mike!" advpack.dll ========= Used during the installation only to check for other needed files. amcis.dll ======= This DLL modifies the following registry keys: 1. HKEY_CURRENT_CONFIG 2. HKEY_DYN_DATA 3. HKEY_PERFORMANCE_DATA 4. HKEY_USERS 5. HKEY_LOCAL_MACHINE 6. HKEY_CURRENT_USER 7. HKEY_CLASSES_ROOT Unregisterss oleaut32.dll from memory as provided by M$oft and replaces with its own calls. Switches back to M$oft's when browser is closed. Creates stub processes to be started anytime your browser is opened. amcompat.tlb =========== This guy tracks any multimedia clips ( video/pictures/sound ) that you view It tracks the rating level on the video/picture/sound and title / location Contains references to DblClick ( still digging on this one! ) amstream.dll ========== Setups TWO way communications between your system and theirs. Used to send info and receive update commands/files Open port 1749 for communications ================================================== The programs that are known to install the Aureate spy are: 123Search 3d Anarchy 3D-FTP 3rd block Abe's FTP Client Abe's Image Viewer Abe's MP3 Finder Abe's Picture Finder Abe's SMB Client Access Diver III Acorn Email AcqURL ActionOutline Light 1.6 Active 'Net Add URL Add/Remove Plus! Address Rover 98 Admiral VirusScanner Advanced Call Center Advanced Maillist Verify AdWizard Alive and Kicking alphaScape QuickPaste ASP1-A3 Auction Explorer Aureate Group Mail Aureate SpamKiller AutoFTP PRO AutoWeb AxelCD Beatle Binary Boy BinaryVortex Blue Engine BookSmith : Original buddyPhone 2 Calypso E-mail CamGrab Capture Express 2000 Cascoly Screensaver CDDB-Reader CDMaster32 ChanStat Charity Banner Cheat Machine Check4New ChinMail Clabra clipboard viewer Classic Peg Solitaire ComTry Music Downloader Crystal FTP CSE HTML Validator Lite CuteFTP 3.0 CuteFTP 3.0 CuteFTP/Tripod CuteMX CutePage Danzig Pref Engine DateTime Delphi Component Test Delphi Tester Dialer 2000 DigiBand NewsWatch DigiCams - The WebCam Viewer Digital Postman DirectUpdate DL-Mail Pro 2000 DNScape Doorbell 1.18 Download Minder 1.5 Download Wonder DownLoader v.1.1 Dwyco Video Conferencing EasySeeker EmmaSoft ChatCat EmmaSoft dBrow EmmaSoft KeepLan EmmaSoft Soundz EnvoyMail EZ-Forms FREE File Mag-Net FileSplit Folder Guard Jr. FourTimes Free Picture Harvester Free Solitaire Free Spades Free Submitter Pro FreeImageEditor FreeIRC FreeNotePad FreeSite FreeWebBrowser FreeWebMail FreeZip! FTPEditor GetRight Go!Zilla Go!Zilla WebAttack GovernMail Grafula Gunther's PasswordSentry HangWeb hesci Private Label HTML Translator HTTP Proxy-Spy Huey v1.8 Color Picker Iban Technologies IP Tools 3.1 Idyle GimmIP Idyle GimmIP iFind Graphics imageN Infinite Patience InfoBlast InnovaClub InstallZIP Internet Tree Internetrix InterWebWord Companion JetCar JFK Research jIRC JOC Email Checker JOC Web Finder JOC Web Spider KVT Diplom LapLink FTP LineSoft Download LOL Chat LOL Chat Mail Them Meracl FontMap Meracl ImageMap Generator Midnight Oil Solitaire MirNik Internet Finder More Space 99 MouseAssist MP3 Album Finder MP3 Fiend MP3 Grouppie MP3 Mag-Net MP3 Renamer Mp3 Stream Recorder MP3INFO-Editor MultiSender Music Genie MX Inspector BIG AD My Genie Patriots My Genie SE My GetRight NeatFTP Net CB Net Scan 2000 Net Vampire Net-A-Car Feature Car Screensaver NetAnts NetBoard Netbus Pro 2.10 NetCaptor 5.0 Netman Downloader NetNak NetSuck 3.10.5 NetTime Thingy Network Assistant NeuroStock NewsBin NewsShark NewsWire NfoNak NotePads+ Notificator 1.0b Octopus Pattern Book People Seek 98 Personal Search Agent Photocopier PicPluck Pictures In News Ping Thingy PingMaster Planet.Billboard Planet.MP3Find PMS ProtectX 3 ProxyChecker QuadSucker/Web Quadzle Puzzles QuikLink Autobot QuikLink Explorer QuikLink Explorer Gold Edition QuoteWatch QWallet Real Estate Web Site Creator Recipe Review ReGet 1.6 Resume Detective RingSurf RoboCam 1.10 Rosemary's Weird Web World SaberQuest Page Burner SBJV SBWcc Scout's Game ScreenFIRE ScreenFIRE - FileKing ScreenFlavors Sea Battle Shizzam Simple Submit SimpleFind SimpleSubmit v1.0 SK-111 Smart 'n Sticky SmartBoard 200 FREE Edition SmartSum calculator SonicMail Sound Agent Space Central Screen Saver Splash! Siterave StartDrive Static FTP StockBrowser Subscriber SunEdit 2K SuperIDE Sweep SweepsWinner Text Transmogrifier The Mapper TheNet TI-FindMail TIFNY Total Finger Total Whois Tracking The Eye Trade Site Creator TWinExplorer Standard TypeWriter 1.0 UK Phone Codes Vagabond's Realm VeriMP3 Vertigo QSearch Virtual Access Visual Cyberadio Visual Surfer VOG Backgammon Main VOG Backgammon Table VOG Chess Main VOG Chess Table VOG Reversi Main VOG Reversi Table VOG Shell VOG Shell VOG Shell History W3Filer Web Coupon Web Page Authoring Software Web Registrant PRO Web Resume Web SurfACE WEB2SMS WebCamVCR WebCopier Web-N-Force WebSaver Website Manager WebStripper WebType WhoIs Thingy Win A Lotto WinEdit 2000 Word+ Wordwright WorldChat Client Worm www.devgames.com xBlock Your ESP Test Zion Zip Express 2000
Here is Aureate's answer to the published allegations:
A variety of false rumors have been started, and we would appreciate your help in finding the source of these rumors so that we can clarify what our technology actually does and put these to rest. As you may already know, what Aureate Media does is work with software companies to make their products advertising supported. Aureate's technology allows for these advertisements to be delivered and displayed within the software products of these software products. The following concerns are those that have been brought to our attention. If you have additional concerns, please do contact us directly. Advert.dll creates a hidden window every time you open your browser This is true, but this happens because of the way that Microsoft Windows networking works. You will find that in running almost any windows program that hidden windows are created as this is how the OS was designed. Advert.dll creates and sends 4 pages of information to Aureate on port 1749 We aren't sure exactly what is being referred to here. The first time someone installs software they are presented with an optional demographic survey (none of the information is required), and this information is sent to us one time (after the survey is completed). Prior to answering these questions, the user is presented with information explaining why we ask these questions and how the answers are used. The information sent is only the information provided. The use of port 1749 is misleading, as again this is something built into the way that Microsoft Windows networking works. Windows will pick a high numbered port (1500+) in a largely random fashion. Again, this is how the OS works. Advert.dll will send your name to Aureate as it is listed in the system registry Completely false. Advert.dll will send your IP address to Aureate Your IP address is sent, again because of the way that Microsoft Windows networking and TCP/IP protocol works. An IP address is obviously required in order to communicate with an internet server in any instance. Advert.dll performs a reverse DNS lookup on your IP address Here again, it is Microsoft Windows networking that does this as part of the OS networking system. Advert.dll creates a process anytime your browser is open. This is true. This process delivers advertisements to a cache on the users PC which are displayed while the software is being run. This works in a similar way to how the browser works, with content and images (including ads) being delivered to a cache on the users PC and then are displayed in the browser window. Advert.dll sends a list of all software listed in your registry Completely false. Advert.dll sends a list of all URL's you click on/visit Completely false. Advert.dll sends a list of all ad banners you click on Completely false. We will of course know when you click on an ad banner that we delivered such that we can send the user to that advertisers web site in the same way that any ad network works. Advert.dll will send all downloads you perform and related information Completely false. Advert.dll will send full time and date stamps of all your actions while you use your browser. Completely false. Advert.dll contains the string "Show me the money! I want to be Mike!" This is true. It's a text string used by the DLL. DLLs contain many text strings which are used by the DLL itself. For example, if a particular program displayed a window which contained the text "Hello World", then the "Hello World" text string would be present inside that DLL. Advpack.dll (and all comments relating to it) Completely false. Advpack.dll is not one of our DLLs. Amcis.dll modifies the following registry keys: (list of keys removed) Amcis.dll will only add itself to the HKEY_CLASSES_ROOT registry key, as does any DLL installed on your system. It simply tells Windows where to find the DLLs your programs use. Amcompat.tlb (and all comments relating to it) Completely false. Amcompat.tlb is not one of our files. Amstream.dll (and all comments relating to it) Completely false. Amstream.dll is not one of our DLLs.
We performed our own investigation and we can not confirm these rumours to be true or false. Aureate components cause some extra Internet traffic when you browse the Net. 60-100 bytes long data packets are periodically sent to several websites including Aureate and its business partners.
We have found no indication that any confidential details of the user or any data is sent out with those packets and so we can not give conclusive statement whether Aureate is a privacy threat or not.
To use Aureate or not to use? F-Secure Corporation cannot make this decision for you.
There is no fate but what we make for ourselves.
[F-Secure Corp., 2000]