Subject: Teleport Pro 1.29 (http://www.tenmax.com)

Whenever I install/test new software on my System I do some 'security'
checks - especially if the software uses an internet connection
(or to be more precise if it opens any sockets/ports...)
I discovered that Teleport Pro 1.29 connects to www.tenmax.com
while you are downloading/mirroring another site. Teleport Pro
does not send any data to www.tenmax.com directly (as far as I
know...) but it requests the file ROBOTS.TXT from www.tenmax.com
and sends in the header of the request 'HOST: thesiteyouaredownloading'
I would call this indirect sniffing, because this way they know who
you are (at least they get your IP) and what site you are downloading/mirroring
and I bet this is more information than you would ever give tenmax voluntarily...
They just have to analyse their logfile/s at http://www.tenmax.com and they have much
interesting data about the Teleport Pro Users. (I don't think that I have to
tell you what you can do with logfiles, if you know how to analyse them...)
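
One way to spot the behaviour described above in your own traffic capture, as an added example that is not part of the original essay. It assumes each captured request is paired with the server name the client actually connected to (for example from the preceding DNS lookup); `www.example.org`, the sample requests and the function names are constructed for illustration.

```python
# Added example (not from the essay): flag HTTP requests whose Host header
# names a different site than the server the request was actually sent to.

def parse_request(raw: bytes):
    """Return (method, path, headers) from the head of a raw HTTP/1.x request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) != 3:
        raise ValueError("malformed request line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return parts[0], parts[1], headers

def normalise(host: str) -> str:
    """Lower-case a DNS host name, drop a ':port' suffix and a trailing dot."""
    return host.strip().lower().partition(":")[0].rstrip(".")

def host_mismatches(captures):
    """captures: iterable of (server_name_connected_to, raw_request_bytes)."""
    findings = []
    for connected, raw in captures:
        method, path, headers = parse_request(raw)
        claimed = headers.get("host")
        if claimed is None:
            continue  # no Host header, nothing to compare
        if normalise(claimed) != normalise(connected):
            findings.append({
                "sent_to": normalise(connected),
                "host_header": normalise(claimed),
                "request": method + " " + path,
            })
    return findings

# Constructed capture: two ordinary requests and one shaped like the essay's finding.
SAMPLE = [
    ("www.example.org", b"GET /index.html HTTP/1.0\r\nHost: www.example.org\r\n\r\n"),
    ("www.tenmax.com", b"GET /ROBOTS.TXT HTTP/1.0\r\nHOST: www.example.org\r\n\r\n"),
    ("www.example.org", b"GET /robots.txt HTTP/1.0\r\nHost: WWW.EXAMPLE.ORG:80\r\n\r\n"),
]

if __name__ == "__main__":
    for f in host_mismatches(SAMPLE):
        print("%(request)s sent to %(sent_to)s carries Host: %(host_header)s" % f)
```
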
A quick solution to block the sniffing code is to simply add
"127.0.0.1 www.tenmax.com" to your Windows HOSTS file... (don't forget the www part!)

Currently I don't have the time to reverse Teleport Pro, but it MAY be
useful to check if there are other hidden 'features' in this tool or
not, so if YOU have the time/knowledge to analyse the code of Teleport
Pro then you should do so and send your findings to Fravia+.

PS: It should be interesting to check what happens if you use a Proxy,
mirror a PW-protected Site, Firewall etc. There MAY be some routines
that are only activated after certain events etc., so until this tool
is not completely reversed nearly anything COULD happen to you if you use
Teleport - I don't know actually everything: this is an essay that sets a
starting point for further developments, other reversers are needed

"I believe in coincidence. Coincidences happen every day. But I don't trust
coincidences."

This is not a 'real' essay, just something I discovered. Maybe this
is the start of another new section on fravia's nice new site - I don't know.
The importance of this essay does not lie in the detail I discovered,
but in the typical problem you have nowadays, every time you connect to
the internet: You'll never know what happens in the background...
(and this applies to each Software/Process that is running on your windoze System)
So, it is nowadays even more important to use some 'tools of our trade'
before we go online...
Never trust any tool/application, it may jolly well try to collect
data about you and your interests!

Funny enough that not only the States, but even the European Union is
now trying to criminalize everybody who uses/publishes the 'so called'
cracking/reversing/hacking tools.
If you ask me I think this is very paradoxical...
They should criminalize the commercial bastards who are trying to get every
bit of your personal Data, not the wondrous tools which are useful to defend yourself against
snoopers and spies!
The 'logic' they follow is a very dangerous one: 'If you don't give us your data you have something
to hide and the one and only reason for this is that you are a criminal...'

I am quite sure he will publish them or add them to this small essay. Even if you
find nothing else that is suspicious, you should let him know. I
will take a closer look at Teleport Pro in the future, for now I
just can say: Watch out!
I just wrote what I have discovered:
everything else is just speculation... Anyway, as I said above this
applies not only to Teleport! Nearly every software or 'agent'
(e.g. Winamp) should nowadays be used with care - I am quite sure that in the
near future more and more Software will hide routines
trying to collect as much data about you as they can.
Malware reversing is MORE AND MORE IMPORTANT, please concentrate your
reversing efforts on that: only crackers can save the world from the commercial evil spammers!
- 'Faulpelz', May 2000