~ malware.htm ~
         Petit image    Malwares
Version August 2005


MALWARES
(aka spyware, aka snoopers, aka softtrojans)

Essays to help unawares understand malwares

[Examples]    [Our essays]

Nothing worse than malwares, as you will see... and seekers & reversers should take great care in order to avoid such sniffers and, at the same time, to detect, investigate (read: reverse engineer) and denounce them to the unawares...

 "But take care when you find your appz, 
  or you'll not gain your just rewardz, 
  your quest will all have been in vain, 
  and you will have to start again"





(Ancient websearchers' rhime)

A "classical" must-read is ["The Anatomy of File Download Spyware"] by Steve Gibson

Check our important essays!

Malwares examples


If you want to read about some examples of Malwares (let's help the unawares understand with some famous examples) then search the web for Lotus 'secure encryption', 3com's 'debug' account, Id's Quake server backdoor (password="tms") and Borland's Interbase (ALL Interbase databases!) "politically/correct" hardcoded password... alternatively, malwares are so widespread that you may just run a 'strings' program like [strings] or [bintscan] on your binaries and see what it finds :-)
Btw, there's another advantage in running a strings program against your binaries: often enough the various command-line options (and many other options) are NOT documented properly. Hence running "strings" on a binary is the only way to discover how to run your program properly. When doing such operations on commercial software you will often see information that the programmers most probably would have preferred you NOT to see.

Another sniffing approach is to use a good [grep] program (i.e. one that does not chocke on windoze's swap files) in order to find specific strings (for instance inside the messy inferno of windows's subdirectories :-)

Various kinds of possible Malwares exploits

De congenito windozianicus scumware

If you are using a windoze system, it could be a good idea to install a good firewall, like sygate personal firewall pro (version 5.1 is easy to find on the web). Note, however, that if you are using MSIE as a browser, you wont be able to avoid some 'congenit' spywares, built inside windoze itself, like the start/search function in windows xp, which connects on port 80 to sa.windows.com (207.46.248.249) in order to deliver to microsoft's spyes your IP and what you are searching for on your own harddisk.
The start/search function uses in fact windows explorer itself for its spying activities, and if you have 'allowed' it to connect to the web as a browser, the firewall wont block it anymore.
Morale: DO NOT use Microsoft explorer, never, use a good browser instead.

De congenito googlianicus toolbare  (February 2005)

Google has released a trial tool which is concerning because it directs people to pre-selected commercial websites.
The AutoLink "feature" comes with Google's toolbar and provides links in a webpage to Amazon.com if it finds a book's ISBN number on the site.
It also links to Google's map service, if there is an address, or to car firm Carfax, if there is a licence plate.
Google's dominant position in the search engine market place means it is giving a competitive edge to firms like Amazon.
AutoLink works by creating a link to a website based on information contained in a webpage, even if there is no link specified and whether or not the publisher of the page has given permission.
It means, for instance, that online libraries that list ISBN book numbers are directing users to Amazon.com whether they like it or not.

Our Essays

They should thank GOD that there'are crackers and reversers around...                        (A+heist)









Far from being finished... and still awaiting +Forseti's essays...

Petit image
Back to advanced
(c) III Millennium: [fravia+], all rights reserved