Rid your system of Trojan horse

In the past few weeks, you may have heard about a new Trojan horse. It silently installs itself along with ordinary software.

In the past few weeks, you may have heard about a new Trojan horse. It silently installs itself along with ordinary software. It can then send personal data about you via the Internet back to a master server.

This program is known as Aureate. Rumours about it have been overblown, based on misunderstandings about what the software does. But the true nature of the program is bad enough to deserve your attention.

I am revealing (you read it here first) how to rid your systems of Aureate software. It's simple to do. Keep in mind that even strong anti-virus checkers do not yet regard Aureate programs as viruses.

The cure is OptOut, a free, tiny utility. Its author -- Steve Gibson, the developer of the SpinRite disk utility -- has not had a chance to really publicise it. What OptOut does -- and why we need this kind of protection -- is a story worth telling. We will face many more Aureates in the future.

On the surface, Aureate software performs a mundane task: It displays advertising in the form of message windows. The ads are hosted by programs that agree to display them.

This is all explained at the Web site of Aureate's developers. (The company, formerly known as Aureate Media, recently changed its name to Radiate. Its new Web site is www.radiate.com.) End-users can download software from Radiate's Web site.

The advertisements were conceived as a way for software developers to make money: Companies that embed Aureate software into their ordinary programs share ad revenues with Aureate.

The ordinary programs are distributed via the Web, CD-ROM, or other means. When end-users install the ordinary software, they also install Aureate daemon (auto-running) software. The daemon software contacts a Radiate server whenever the user accesses the Internet. Radiate downloads ad files to your disk during your connection. These ads are displayed at some later time to the end-user.

Radiate normally charges advertisers $US20 to $US25 for every 1000 people who view an ad. Radiate keeps 40% and passes 60% to the developer of the host program. However, Radiate can charge as much as $US30 per 1000 people if the ads are "targeted". To target ads, the daemon eventually displays dialog boxes that request personal information. Users can click "cancel," but many fill them in.

Radiate's requested data includes your age, sex, ZIP code, household income, and company size. In its own defence, Radiate says, "We will not collect any personally identifiable information about you [name, address, telephone number, e-mail address] unless you provide it to us voluntarily."

This is a cold comfort. The Windows Registry reveals your name, your company's name, the e-mail address you typed into Internet Explorer as your "reply-to" address, and much more. Radiate spokesman Peter Fuller strongly denies that the company reads or transmits this information. But how would you know?

Steve Gibson says he's found much bigger problems with the daemon software than whether someone is marketing your income.

* None of the daemon-carrying software that Gibson analysed notifies users before they install the uploading/downloading routines.

* None of the uninstall routines of the programs he examined make any attempt to remove or disable the daemon. Data is transferred by the daemon even when the host software is idle or has been deleted.

* Radiate could easily associate specific profiles with names or credit cards, because Radiate accepts online registration fees for host programs that carry the daemon.

Network experts such as Richard Smith and Network Associates have examined the Radiate software. They say the software isn't collecting any information, other than when and how you use the ad-supported host software. The problem is, how would you know if it were performing any other functions?

Radiate says the Aureate software is already installed on more than 17 million PCs.

Gibson has a complete explanation of the problem at grc.com/optout.htm. His free utility completely removes the daemon.

Programmers need to learn that just because we have an Internet connection, they can't use it as they wish. Until that message sinks in, we need utilities such as Gibson's.

Send tips to Brian Livingston. He regrets that he cannot answer individual questions.

Join the newsletter!

Error: Please check your email address.

Tags OptOutAureateTrojan horse

Show Comments
[]