hack the hackers

[localmotion34]

you know i must say that PB's way of file handling is very powerfull. i had a virus named dust.exe and nothing could get rid of it, however i noticed that when i opend or wrote to an already open file in a PB program, i never got that windows message that the file was in use. so i wrote a 50 line program if that to overwrite the virus with 000000's. now, i found a little piece of spyware that tracked what sites i went to, and id actually get emails from hosts saying thanks for visiting sites (AKA popup ads) and that by visiting i had agreed to their terms of unlimited email contact. so i found the DAT file the spyware wrote my browsing history to before it transmitted it, wrote a program in PB that opened the file and did a 10,000 repeat loop that filled the file with 10^5 A's and B's. i let it run nonstop, after about 3 days, i came home and there is a message from Comcast saying that i need to call them. soooooo, my cable modem service was terminated because of a complaint by the spyware parent company against a user of Comcast (me), which prompty terminated my service because of liability issues. and TOS violations. now for 1 year, i am not allowed to have an account in my name, so my wife has to setup one again. meanwhile, i hooked up the wireless router to my neighbors modem, and again here i am.

lunch while writing program -8$
renewal fee for cable modem-55$
halting a spyware server with 25 gigs of useless data --PRICELESS

there are some things that money can buy,
for everything else there is PB file operations.

[Doobrey]

Why didn`t you just tell your ISP you had a virus,and it was the virus creating all that traffic?

As for the spyware company....they`re stupid enough to think a 25GB datafile is a genuine browser history for 3 days and want to download it, then complain ???
I hope they get a power surge where it hurts..

[localmotion34]

good lord. why didnt i think of that. i should have said i had a virus, my own created one, but still. as for the spyware company, i dissasembled the DLL that creates the object, and from what i gather, it tracks your activity, writes them to a DAT file, and then every so often, transmits the DAT file contents. so doing a repeat until loop, writing alot of data each time(about 2 megs), the DLL just read the rewritten DAT file and sent it all (I think). the advantage of writing activity to a DAT file and then transmitting the info seems to be just like that of file sharing, because norton or spybot did not pick up on the transmission like they normally do as soon as spyware reports any browsing directly via my web browser. but i must have struck a nerve, because comcast really wasnt too happy about it. i figure, it takes me a whole day to run norton,spybot, and adaware to clean my computer, its only fair it takes them a whole day to clear their server. cheers. by the way, if you havent guessed, spyware is one of my pet peeves.

[Dare2]

Hmmm. Don't use this, run it past your solicitors.

---------------------------------------------

Dear Sir,

Re: Our communication of [date] regarding the closure of my account [number].

I am writing to you as a courtesy regarding this issue. This is my first and final communication with you on a personal basis. Hereafter the matter will then have become a legal issue and will be handled by my legal team.

At this point your actions have been merely informative. However any closure of my account or other attempts at punitive actions or coercion on your behalf will change this.

Consider this situation:

There is a file on my computer. I am unable to permanently remove it. To protect myself and render it harmless, I overwrite it with binary zeros. That is the sum total of my action.

It is my computer, which contains my personal and private information.

You receive a complaint regarding this.

The complainant is admitting that they have access to my computer, that they are extracting information stored on my computer (trespass, theft, invasion of privacy) and using that information in whatever way they see fit. How else would they know that I am filling a file with binary zeros?

They (the complainant) do not have permission from me to access my equipment, to illegally use my resources (storage, processing power, bandwidth). They do not have my permission to view my private and personal information, nor to build a profile regarding my personal practices in using the computer.

You will shortly be contacted by my legal team regarding this. You will be required to surrender up full details of the complaint and of the complainant, their minions and associates.

Action will then be taken against the complainant. Depending on where they are domiciled, this will be civil, or criminal, or both.

Should you assist them you will be aiding and abetting their actions and you will have become, at the least, an accessory to their actions.

Should you assist them I will take all action available to me, including but not limited to legal action and public relations exercises, to see that justice is done and that I am suitably compensated.

I strongly advise you to take your own counsel before acting any further.


Yours,

---------------------------------------------

First check with your legal beagles. You do not have my permission nor do I advise you to use the above in any direct communication with your ISP.

[GedB]

I've cross posted this to computercops.net, since there are a lot of people there who know a lot about spyware.

http://www.computercops.net/postlite34971-.html

Locomotion,

One of the posters there says that he'd like to know more about the DAT file.

[localmotion34]

now my opinion is that it writes to a DAT file in order to to avoid being detected by norton or any other antivirus or ad killer. i never tried running IP Armor, that will pretty much kill anything. i did not however, find any thread that actually read the DAT file and did the transmitting. it was probably deeper in the DLL where im not experienced enough to pick out of the ASM or functions. i read the DLL with a PB code snippet that allows you to view DLL functions, and they so smartly named them totally unrelated to what they did. my main point is that PB's file operations seem really powerful. PB overwrote a running virus EXE. a PB owner could make a FORTUNE writing antivirus programs or anti spyware apps. however, theres the flip side too. someone could write a virus that could overwrite user32.DLL or explorer.exe or anything else. i wonder if being able to overwrite a running process is a bug in PB that no one had noticed.

[Doobrey]

@localmotion34.
Did you manage to find out if the spyware used a URL or a set IP address to phone home?
If it uses a URL, all you`d have to do is add an entry for that domain in your hosts file to point at 127.0.0.1 and it wouldn`t be able to send the data.
It might stop the app from working if it couldn`t send after a few tries, but it`s worth a try.

[ricardo]

I don't think any legal action could be succesfully, because im almost sure that this software was installed bundled with some other software... in that case the most probably is that accept to install it and their agreement covers them for any legal action... the other posible scenario is that this company is in some small island in the pacific.

@Doobery

Host file don't work with IP address and unless they are begginers the most probably is that uses IP.

[Dare2]

Hi ricardo,

You are probably right, regards the guys who have the scumware/spyware in place. However the ISP is vulnerable, as I understand it, and if the objective is to avoid them closing you down then I believe it could be effective.

They are not judge, jury and executioner. They are one party to a business transaction. And they are within reach.

However, checking with legal people is always a good and necessary first step.

[Doobrey]

Host file don't work with IP address and unless they are begginers the most probably is that uses IP.

The trouble is, by using a specific IP address they can`t reroute the traffic to another server very easily.. for example if their network provider goes tits up ,as the IP address will most likely belong to the provider and not the spyware company.

Since the company rely on data from 'users' to make their money, they`d need to be able to recover from any problem ASAP.

Maybe I haven`t thought enough about this, but to me it seems a lot easier to recover if they use a domain name (what I mistakenly referred to as a URL ) instead of an IP address.
Then again, they do get a degree of anonymity by not using a domain, so I guess it all comes down to how shady the spyware company is..

[Dare2]

what I mistakenly referred to as a URL

I do that all the time (URL = domain, or URL = page within domain)

What is the correct term to use, and where? And the differences between things like URL, URI, page, web address, link, etc?

[ricardo]

what I mistakenly referred to as a URL

I do that all the time (URL = domain, or URL = page within domain)

What is the correct term to use, and where? And the differences between things like URL, URI, page, web address, link, etc?

URLs (Uniform Resource Locators) are the de facto standard by which one addresses Web documents. They take the general form: http://aaa.bbb.ccc. The actual address for a Web document is its IP (Internet Protocol) number. In effect, URLs are proxies for the IP number. Put simply, when one enters a URL in a browser it is translated by an Internet server into its IP number address.

More details: http://www.ou.edu/cas/slis/courses/LIS5 ... cs/URX.htm

[Randy Walker]

halting a spyware server with 25 gigs of useless data --PRICELESS

there are some things that money can buy,

I love it!... you done good!

I don't know what action you've taken, or if you have already tipped your hand. If you haven't spilled too much already, you could still tell them its was a virus and that you only now were able to isolate and destroy it. Plead igorance if they ask for proof. 8O