Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: All Advantage Spyware

From: Vitaly Osipov <vos () TELENOR CZ>
Date: Thu, 14 Sep 2000 18:38:56 +0200
Hi all,

I've found an old distribution of CuteFtp - there is a 1.51 (build 18)
advert.dll inside (by the way, this library is downloadable from cuteftp
site (www.globalscape.com - in section knowledgebase/problems with cuteftp
3.2 or somewhat of this kind - but it's version 2.01 there). After some
fiddling with WDasm I can say that it really tracks your web behavior
related to their ads - you receive some User id, and it sets cookies etc -
as usual... Of all other bad things it is accused there is an evidence only
of fiddling with dial-up connections - it sets "EnableAutodial" and contains
somewhere in data segment strings related to RASapi -

Rasapi32.dll RasEnumConnectionsA RasGetConnectStatusA RasHangUpA
RasEnumEntriesA RasDialA RasGetErrorStringA

but what i do not understand - why it is there, and not in code segment...

I am not a big Win32 programmer, but maybe it is just some garbage... if
not, these calls are exactly what is needed to get all your dialup
information :)

regards,
Vitaly.
Previous By Date Next
Previous By Thread Next

Current thread: