Nothing worse than malwares, as you will see... and seekers & reversers should take great care in order to
avoid such sniffers and, at the same time, to detect, investigate (read: reverse engineer) and
denounce them to the unawares...
"But take care when you find your appz,
or you'll not gain your just rewardz,
your quest will all have been in vain,
and you will have to start again"
If you want to read about some examples of Malwares (let's help the unawares understand with
some famous examples)
then search the web for
Lotus 'secure encryption', 3com's 'debug' account, Id's Quake server
backdoor (password="tms") and
Borland's Interbase (ALL Interbase databases!) "politically/correct"
hardcoded password... alternatively, malwares are so widespread that you may
just run a 'strings' program like [strings]
on your binaries and see what it finds :-)
Btw, there's another advantage in running a strings program against your
often enough the various command-line options (and many other
options) are NOT documented properly. Hence running
"strings" on a binary is the only way to discover how to run your program
properly. When doing such operations on commercial software you will often
see information that the programmers most probably
would have preferred you NOT to see.
Another sniffing approach
is to use a good
program (i.e. one that does not chocke on windoze's swap files)
in order to find specific strings (for instance inside the messy
inferno of windows's subdirectories :-)
Various kinds of possible Malwares exploits
Backdoors and debug options
De congenito windozianicus scumware
If you are using a windoze system, it could be a good idea to
install a good firewall, like
sygate personal firewall pro (version 5.1 is easy to find on the web). Note,
however, that if you are using MSIE as a browser, you wont be able to avoid some
spywares, built inside windoze itself, like the start/search function in windows xp, which connects
on port 80 to sa.windows.com (22.214.171.124)
in order to deliver to microsoft's spyes your IP and what you are searching for on
your own harddisk.
The start/search function uses in fact windows explorer itself for its spying activities, and if
you have 'allowed' it to connect to the web as a browser, the firewall wont block it
Morale: DO NOT use Microsoft explorer, never, use a good browser instead.
De congenito googlianicus toolbare (February 2005)
Google has released a trial tool which is concerning because it directs people to pre-selected commercial websites.
The AutoLink "feature" comes with Google's toolbar and provides
links in a webpage to Amazon.com if it finds a book's ISBN number on the site.
It also links to Google's map service, if there is an address, or to car firm Carfax, if there is a licence plate.
Google's dominant position in the search engine market place means it is giving a competitive edge to firms like Amazon.
AutoLink works by creating a link to a website based on information contained in a webpage, even if there is no
link specified and whether or not the publisher of the page has given permission.
It means, for instance, that online libraries that list ISBN
book numbers are directing users to Amazon.com whether they like it or not.
They should thank GOD that there'are crackers and reversers around...
Software that hiddendly corrupts, checks or modifies your data by
db-cooper, +Tsehp, ArthaXerXes
Trojanized Commercial Shopping Cart
'This program -deliberately- allows arbitrary commands to be executed on the victim server'
Teleport Pro 1.29, malware galore by Faulpelz
RealNetwork's latest heavily-promoted goodie
by Lauren Weinstein, part of the [malware.htm]
(Mal behaving software) section
A 32-digit hexadecimal number in your URL ("URLs that bite", a first stab)
by +Forseti, part of the [malware.htm]
(Mal behaving software) section
Teleport Pro V1.29 (Build 1107) (Delving deeper into Teleport Pro 1.29)
by Faulpelz, part of the [malware.htm],
Reversing to Enhance and Expand (754 engines into the pot) by WayOutThere,
Advanced essay, part of the [bots],
and of the [essays] sections.
Careful With That Axe Eugine! (Exploitable Standards in the mad rush to jump on the 'file sharing' bandwagon)
by Finn61, part of
Some fun with Aureate (Faking DLLs for our own good)
by garph0, part of
Eliminating the evil real player
by Kane, November 2002,
part of the [essays],
and of the [malware]
(it was about time that some reverser would
'solve' the problems caused by the spyware known as Real player. Here is the solution. Read
and enjoy :-)
Scumware, Spyware, Adware, Spamware, Malware, sneakware and all sorts of other 'wares...
by shinohara, January 2004 part of the malware.htm
Weatherbug's nasty habits (Investigating spyware)
by shinohara, November 2004, part of the malware.htm
by ritz, August 2005
"i think this is sneaky and not very nice from mr google. also i wonder since
*when* have they been doing this? i'm quite sure i looked at googles SERPs
some years ago and it wasn't there"
Part of the malware section.
Far from being finished... and still awaiting +Forseti's essays...
Back to advanced
(c) III Millennium: [fravia+], all rights