Bugtraq mailing list archives

FTPPro has weird features - Fwd: Important matter for your abuse department

From: cedric () CEDRIC NET (Cedric Amand)
Date: Fri, 28 Jan 2000 16:26:52 +0100


Just received a couple of such E-mails, I'm working in a european ISP
and I thought it could interest some of you.

I don't use this program ( www.ftppro.com ) myself, but it looks
like this company finds normal to have "trojan-like" features
in their program, not only are they spamming a nationwide ISP
with crap like this (I don't care if my customers don't pay
their licenses !) but they also submitted me with a valid
login in each of their emails, logins that were entered into
the FTP program by our customers.

So I guess the program sends login information (at least login, ftp
server target and source IP, possibly password as well) to
a central site or something.
Reverse engineer the program if you do care. ;)

And as for the legal arguments in this crap, the world != the US and
all of this junk has no meaning whatsoever in 99% of the world.

--
--< Cedric "Ced" Amand >--< cedric.amand () staff skynet be >--
--< http://cedric.net/ >--< Data Security Manager SKYNET >--

This is a forwarded message from FTPPro () FTPPro com about
Important matter for your abuse department

===8<==============Original message text===============
From: FTPPro <FTPPro () FTPPro com>
Subject: Important matter for your abuse department

To: skynet.be

re: Your FTP Address:<CENSORED>
     Abuser's Username (on your FTP Site): <CENSORED>
     Abuser's Hostname (on their local computer): <CENSORED>

The above-mentioned user has been using an unauthorized copy of our product,
FTPPro, for the purpose of transferring files via FTP to your server.

Under the Digital Millennium Copyright Act of 1998, it is illegal for you to
provide internet access to anyone who uses that access to infringe upon
copyrighted material. Your failure to comply with the Copyright Act shall
represent a violation of Federal Law.

To protect our program from this abuse, FTPPro requires that every User
accepts the terms of our User Agreement before using FTPPro. Our User
Agreement indicates that we will send a message to the Server which is
accessed by any unauthorized user, to inform them of this abuse.

In addition to the Username and Hostname shown at the beginning of this
letter, we have also received additional information which uniquely
identifies this unauthorized user.

This person has submitted numerous unauthorized serial numbers to our
server. This action has caused damage to our business, as records for our
authorized users have been overwritten.

This person could not have run FTPPro without having first accepted the
terms of our User Agreement, which includes the following provision:

    By submitting falsified registration information, or
    maliciously attempting to use FTPPro after the evaluation
    period has expired, the user shall immediately be
    obligated to pay the Registration Fee of $95.00.

This user is therefore obligated to immediately mail a money order for
$95.00 to:

    Sabine Consulting
    PO Box 5296
    Playa Del Rey, CA 90296

If we do not receive this user's money order within 7 (seven) days, then we
shall act as follows:

1. FTPPro is a copyrighted program. There are numerous notices throughout
the program which indicate that unauthorized usage of FTPPro is a violation
of Federal Copyright Law. The appropriate federal authorities shall be
informed of this user's violation of the Federal Copyright Law.

2. This user was fully aware that their unauthorized usage of FTPPro would
cause falsified credit card information to be transmitted over the internet.
The appropriate federal authorities shall be informed of this user's
violation of the Interstate Commerce Law.

----------------------------------------------------

We do not wish to receive any apologies or excuses from this user. The terms
contained within the FTPPro User Agreement are written in plain English.

Receipt of this user's money order shall indicate compliance with the terms
contained within the FTPPro User Agreement.

Thank you,

Sabine Schmidt
Sabine Consulting
Sabine () ftppro com

===8<===========End of original message text===========

Current thread:

Re: S/Key & OPIE Database Vulnerability, (continued)
- - - Re: S/Key & OPIE Database Vulnerability Jordan Ritter (Jan 28)
    - "Strip Script Tags" in FW-1 can be circumvented Arne Vidstrom (Jan 29)
    - Re: S/Key & OPIE Database Vulnerability Brandon Palmer (Jan 27)
    - Re: S/Key & OPIE Database Vulnerability Eivind Eklund (Jan 28)
    - Multicast from hell John Watkins (Jan 27)
    - Cobalt RaQ2 - a user of mine changed my admin password.. Chuck Pitre - Technical Support (Jan 27)
    - Re: Cobalt RaQ2 - and QUBE2 Nir Simionovich (Rin Solo) (Jan 29)
    - Tempfile vulnerabilities foo (Jan 30)
    - [FreeBSD Security Advisory: FreeBSD-SA-00:02.procfs] Patrick Oonk (Jan 28)
    - Re: Multicast from hell Omachonu Ogali (Jan 28)
    - FTPPro has weird features - Fwd: Important matter for your abuse department Cedric Amand (Jan 28)
    - New SCO patches... Aaron Sigel (Jan 27)
    - Qpopper security bug Zhodiac (Jan 26)
    - Re: S/Key & OPIE Database Vulnerability Dug Song (Jan 26)
    - Microsoft Security Bulletin (MS00-006) Microsoft Product Security (Jan 26)
    - Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory CISADV000126) Mnemonix (Jan 26)
    - Re: Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory CISADV000126) Fredrik Widlund (Jan 30)
    - Re: explanation and code for stream.c issues Nathan Ollerenshaw (Jan 21)