
For more information please visit The Blocklist Manager 2.7.7 page...

BISS IP Blocklists

The BISS IP Blocklists are provided as a free service to help add another layer to your security toolkit. The IP Blocklists are continuously researched and updated daily to keep up with current internet-based threats in many different categories, including Malware/Spyware sites, Ads - Trackers, Hijacked and Unallocated Bogon IP ranges, Anti P2P enforcers, Hackers/Crackers, Web Spiders, Bots, Crawlers, Web Server Exploits and more.

Our free Blocklist Manager software is available to download and merge your blocklists into one file or alternatively you can download the files individually from our IP Blocklists download page.

For information about the purposes and contents of each Blocklist, please view the BISS IP Blocklists FAQ.

Protowall

A powerful yet extremely lightweight NDIS driver based IP filter / IP blocker. Protowall is designed to run independently or alongside a software firewall without any conflict, for the sole purpose of filtering all inbound / outbound network connections and blocking large numbers of IP addresses where almost all other personal firewalls cannot.

Hosts Manager

A comprehensive application for downloading the BISS HOSTS file, with an extensive array of tools for superior HOSTS file management.

For more information please visit The Hosts Manager page...

Online Blocklist Converter

The original online Blocklist Converter by Bluetack - The BLC allows users to input IP addresses or load a blocklist in one format and convert it to another format, with options to have the output list sorted and formatted in varying ways.

XeroAgent Privacy Network

Coming Soon - A new network of anonymous web sites you can trust for a little bit more personal privacy against the growing privacy intrusions, monitoring of our online browsing habits and escalating online dangers we all face. Easy-to-modify web filtering options are available on every portal site to control and restrict all web page elements for a less obtrusive and hopefully safer online browsing experience.

Enhance your privacy and shield your IP address from detection with the XeroSurf anonymous web proxy.

When a keygen is more than a keygen

Tuesday, 02 February 2010
Today I ran into a rather interesting keygen for a Corel application. Apart from being infected with a password stealer, this keygen actually might work perfectly. Unfortunately I could not install Paintshop Photo Pro X3 as the installer kept complaining that it could not stop the WIA service it started a few seconds before. While you're peacefully cracking PaintShop Photo Pro X3, the keygen is collecting and sending out usernames and passwords from different applications and games (see list below). The program also disables the UAC on Vista.

When you run the installer, it starts by dropping another smaller executable also called keygen.exe in your temp folders.

First strange behavior, the keygen wants to start the WMI service.

In the background the keygen is looking for usernames and passwords from the following applications and games:

  1. Internet Explorer - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2
  2. Firefox - %userprofile%\Application Data\Mozilla\Firefox Profiles\xxxxxxxx.default\signons.txt
  3. Filezilla
  4. Trillian
  5. Battlefield 2 and 2142
  6. Burnout Paradise
  7. Call of Duty 4 and WaW
  8. The Sims
  9. Software\Sierra\CDKey
  10. FarCry
  11. Need for Speed Underground 2
  12. Stalker-Shoc
  13. UT 2003 / 2004
  14. Need for Speed Undercover
  15. PES 2009
  16. FIFA 2009
  17. Crysis Wars

It also checks the following registry key to find out if the victim uses Dynamic DNS Update Clients from no-ip.com: HKLM\SOFTWARE\Vitalwerks\DUC
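The locations listed above can be turned into a simple detection rule: a process that reads the credential stores of several unrelated applications, none of which it owns, is behaving like a password stealer. The Python below is an added example, not part of the original article; the event format, the sample events, the owner image names and the two-store threshold are all assumptions made for illustration.

```python
import ntpath
from collections import defaultdict

# Locations named in the article -> (store label, image expected to use it).
# The owner image names are assumptions; None means no owner is assumed.
WATCHED = {
    r"\software\microsoft\internet explorer\intelliforms\storage2":
        ("Internet Explorer", "iexplore.exe"),
    r"\signons.txt": ("Firefox", "firefox.exe"),
    r"\software\sierra\cdkey": ("Sierra CD key", None),
    r"\software\vitalwerks\duc": ("No-IP DUC", None),
}

# Constructed sample events: (process image, registry key or file accessed).
KEYGEN = r"C:\Users\alice\AppData\Local\Temp\keygen.exe"
SIGNONS = r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default\signons.txt"
SAMPLE_EVENTS = [
    (KEYGEN, r"HKCU\Software\Microsoft\Internet Explorer\IntelliForms\Storage2"),
    (KEYGEN, SIGNONS),
    (KEYGEN, r"HKLM\SOFTWARE\Vitalwerks\DUC"),
    (r"C:\Program Files\Internet Explorer\iexplore.exe",
     r"HKCU\Software\Microsoft\Internet Explorer\IntelliForms\Storage2"),
    (r"C:\Program Files\Mozilla Firefox\firefox.exe", SIGNONS),
    (r"C:\Tools\regview.exe", r"HKLM\SOFTWARE\Vitalwerks\DUC"),
]

def classify(target):
    """Return (store, owner) for a watched location, else (None, None)."""
    lowered = target.lower()
    for marker, info in WATCHED.items():
        if marker in lowered:
            return info
    return (None, None)

def find_harvesters(events, threshold=2):
    """Flag processes that touch `threshold` or more stores they do not own."""
    touched = defaultdict(set)
    for image, target in events:
        store, owner = classify(target)
        if store and ntpath.basename(image).lower() != owner:
            touched[image].add(store)
    return {
        image: {"stores": sorted(stores), "from_temp": "\\temp\\" in image.lower()}
        for image, stores in touched.items() if len(stores) >= threshold
    }

if __name__ == "__main__":
    for image, detail in find_harvesters(SAMPLE_EVENTS).items():
        print(image, detail)
```

The `from_temp` flag reflects the article's observation that the dropped executable runs from a temp folder, which raises confidence in a hit.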

The keygen also has a couple of anti-sandbox tricks, which make the analysis harder.
