What’s Happening Under the Covers
Part 3
by Fred Hume
Last month we looked at the latest dealings in the E-mail world, and the month before we took a look at the makers of blocking software for our schools selling out on our kids.
This month we’ll take a look at another major player in the information game, Aureate\Radiate.
Now, the company name might not ring any bells with you, but they are a major player on the Internet. What they do is provide a large portion of the banner ads you see when you go to a web page. The banners are, of course, paid for by the companies that are advertised therein. What Radiate (their current name, because nobody could pronounce the other one) does is provide linkage for tracking purposes for these advertisers. If you watch the progress bar closely on the bottom of your web browser when one of these ads pops up on a web page, you’ll see it linking to Radiate under the covers.
Ok, no big deal. So they want to know a little about who sees their ads. Believe it or not, even I can understand that one. (Hey, I’m not heartless toward business.)
But let’s add another factor to the mix. The one where you can run all over the Internet and see all this great “free” software you can have just by downloading it. Cool! Right??
Well . . . did you ever see a little blurb that sometimes says “this is free because it is sponsored by advertising”? In other words, in exchange for the free software you have to look at somebody’s ad when you run it. Voila! Enter our old friends Aureate\Radiate. They provide the ads. They also provide a few little software surprises you may not be aware of.
Here are some of those little surprises and what they do that you don’t see.
adimage.dll, advert.dll, advpack.dll, amcis.dll, amcis2.dll, amcompat.tlb, amstream.dll, anadsc.ocx, anadscb.ocx, htmdeng.exe, ipcclient.dll, msipcsv.exe, tfde.dll
advert.dll
This DLL creates a hidden window every time you open your browser. It creates and sends 4 pages of information to the Aureate servers using port 1749 on your system. These pages include:
1. Your name as listed in the system registry (not the name you installed one of the programs with)
2. Your IP address
3. The reverse DNS match of your address (tells them what ISP and area of country you are in)
4. A listing of ALL software that is shown in your registry as being installed (not just the companies they work with)
5. This DLL sends the following information to their server on all URLs you visit:
   A.) ad banners you may click on
   B.) all downloads you do, showing the filename/file size/date/time/type of file (image, zip, executable, etc.)
   C.) full time and date stamps of all your actions while using your browser
   D.) the remote dialup number you are dialing in on (taken out of your dialer configuration)
   E.) dial-up password if saved, does not "appear" at first glance to send this through to them.
advpack.dll
Used during the installation only to check for other needed files.
amcis.dll
This DLL modifies the following registry keys:
1. HKEY_CURRENT_CONFIG
2. HKEY_DYN_DATA
3. HKEY_PERFORMANCE_DATA
4. HKEY_USERS
5. HKEY_LOCAL_MACHINE
6. HKEY_CURRENT_USER
7. HKEY_CLASSES_ROOT
Unregisters oleaut32.dll from memory as provided by M$oft and replaces it with its own calls. Switches back to M$oft's when the browser is closed. Creates stub processes to be started anytime your browser is opened.
amcompat.tlb
This guy tracks any multimedia clips (video/pictures/sound) that you view. It tracks the rating level on the video/picture/sound and title / location. Contains references to DblClick.
amstream.dll
Sets up TWO way communications between your system and theirs. Used to send info and receive update commands/files. Opens port 1749 for communications.
You can get a pretty good idea of what all happens (i.e. browser hangs, system crashes, etc.) because of this “spyware” by typing in the keyword “aureate” to most any search engine and following the links it returns. You’ll find much more info than I can provide here. You’ll also find tools to correct this.
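A defender can turn the file names and the port listed in this article into a quick check. The following is an added example, not part of the original article or of any Aureate/Radiate removal tool: it matches a file listing against the component names above and scans netstat -an style output for port 1749. The sample paths and netstat rows are constructed, the function names are hypothetical, and a name match is only a lead to investigate, since a file name alone does not prove where a file came from.

```python
import re

# Component names and port exactly as listed in the article.
COMPONENTS = {
    "adimage.dll", "advert.dll", "advpack.dll", "amcis.dll", "amcis2.dll",
    "amcompat.tlb", "amstream.dll", "anadsc.ocx", "anadscb.ocx",
    "htmdeng.exe", "ipcclient.dll", "msipcsv.exe", "tfde.dll",
}
PORT = 1749

# One netstat row: protocol, local addr:port, remote addr:port, optional state.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s*(\S*)", re.I)

def find_components(paths):
    """Return the paths whose file name (case-insensitive) is a listed component."""
    hits = []
    for p in paths:
        name = re.split(r"[\\/]", p.strip())[-1].lower()
        if name in COMPONENTS:
            hits.append(p.strip())
    return hits

def find_port_activity(netstat_text, port=PORT):
    """Return (proto, local, remote, state) for rows where either end uses `port`."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        # Compare whole port strings so 17490 is not mistaken for 1749.
        if m and str(port) in (m.group(3), m.group(5)):
            proto, laddr, lport, raddr, rport, state = m.groups()
            hits.append((proto.upper(), f"{laddr}:{lport}", f"{raddr}:{rport}", state))
    return hits

# Constructed sample input (not captured from a real machine).
SAMPLE_FILES = [
    r"C:\WINDOWS\SYSTEM\ADVERT.DLL",
    r"C:\WINDOWS\SYSTEM\KERNEL32.DLL",
    r"C:\WINDOWS\SYSTEM\amcis2.dll",
]
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:1031        198.51.100.7:80        ESTABLISHED
  TCP    192.0.2.10:1749        198.51.100.20:1045     ESTABLISHED
  TCP    0.0.0.0:1749           0.0.0.0:0              LISTENING
  UDP    192.0.2.10:137         *:*
"""

if __name__ == "__main__":
    print(find_components(SAMPLE_FILES))
    print(find_port_activity(SAMPLE_NETSTAT))
```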