Your generous donations help keep this site online! Click here to support cexx.org.
Advertising Spyware: Aureate/Radiate

Software functions: Various
Advertising functions: displays a stream of flashing ad banners when certain software is installed, including monstrous fullscreen (640x480) ads!
Network Connections: Connections to adservers (*.adsoftware.com, ports unknown)
Backdoors: Unknown
HD/Registry/Application Snooping: Unknown

"Whether it's showing banner advertising to 10,000 female sports fans living in Ohio, or delivering thousands of full-screen animated commercials in an adventure game to brand a new apparel line to gen-xers." (as stated on aureate.com)

Still more advertising-supported shareware, much like the TSADBOT apps. The sad thing about these products is that, since there's seldom a registration "fee" of actual cash, many sites erroneously list them as Freeware. To "register" an AdSoftware app, you are forced to supply demographic details and personal information to the advertiser, who uses it to show flickering banners and popups at you while you (try to) work. In fact, you pay for the software every time you use it, and continue to pay indefinitely until you uninstall and cease using the software. Just think about it-- an eternal stream of cash at your expense! Also, like the TSADBOT, it remains installed on your machine and active even after you uninstall the program that uses it!

The Aureate trojan continues the tradition of the TSADBOT trojan by secretively installing itself as a Windows Service. In addition, it registers itself as a browser helper app so that it loads with your Web browser, and could in theory monitor every site you visit! It is nearly impossible to remove from the system, and runs fully cloaked--even if the end-user has enough advanced knowledge of computers to remove the software and its Windows hooks, you can't kill what you can't see. You may be infected with the Aureate trojan and not even know it!

If that's not enough, get a load of some propaganda from Aureate's Web site. A brief sampler: "<marketerspeak>Many of our users have downloaded software with the purpose of purchasing it and have done so for many years.</marketerspeak>" ...Aureate is a fairly new startup, and has not even existed for "many years". In fact, the entire paradigm of online software purchase is a fairly new concept in itself. (Could they be in trouble for false advertising??) It will be evident to any reader that every word has been passed through several marketdroids before appearing on the site ;)

Aureate/Radiate's spyware DLL has been verified to cause browser instability and crashes.

(Note: This stuff may be even worse for software developers employing it... for having their hand in the pie, Aureate skims off 40% of the developers' revenue right off the top!)

Links
Don McCuiston has done a write-up on Aureate ware focusing on the adware's tracking features, server connections and how to deal with it.
Steve Gibson has an informative page on the Aureate adware, particularly some issues relating to the deception surrounding its installation.
This page has a list of the Aureate spyware files below, and a detailed description of what each does. One reportedly intercepts calls to the system file oleaut32.dll and substitutes its own while a browser is active, silently switching back when the browser closes. Another reportedly replaces a benign Windows Media Player .dll with one coded to eavesdrop on your audio/movie downloads. Scary stuff!

Solutions
N/A? Some applications won't check for the advert DLL, others will. Find advert.dll and zap it (rename or move). If the programs still work, congratulations! If not, the next simplest solution is using the Hosts trick, or snagging a firewall app (ZoneAlarm, PC Firewall) and blocking access to their servers...there are probably some advanced methods of hacking the adware out of the program, if you're good with a hex-editor :)

See also: Sebastien Sauvage's freeware Aureate Blocker.
 
 

Note: See the Adware Neutering section.


File Listing

adimage.dll
advert.dll
amcis.dll
amcis2.dll
anadsc.ocx
anadscb.ocx
htmdeng.exe
ipcclient.dll
msipcsv.exe
tfde.dll
 
 
 

Up (Adware)
HomeE-mailCopyrights and Disclaimers



 

"All trademarks are hereby acknowledged as the property of their respective owners." So don't even THINK about suing me :)