WebTrack Computer Tracking Software

Discussion in 'other software & services' started by DCN, Oct 4, 2005.

Thread Status:
Not open for further replies.
  1. DCN

    DCN Registered Member

    Joined:
    Oct 1, 2005
    Posts:
    7
    Hi all,

    I was hoping I would be able to get some opinions on this. The company I work for is considering purchasing a large quantity of licenses for a software package known as WebTrack, manufactured by a company called BossUK (www.bossuk.com). WebTrack is a PC and laptop tracking package which, for example, in the event of a theft, will record the location of a machine every time it is connected to the Internet.

    The software is delivered via a floppy disk or CD-ROM and the company claim that by simply inserting the disk and executing the program it covertly installs format resistant code which will report back the location of the machine to our server.

    I have been involved in the security scene for a few years now and I can't work out how this is possible. Format resistant code? Also, how would it survive a reboot if, for example, you changed operating system, booted from a Live-CD distro or formatted the operating system? I suppose its a possibility to store the software in sectors on the hard disk then mark them as bad, or perhaps they have worked out how to store the software in the BIOS or video card memory somewhere? Still though, how would it be executed from within the operating system?

    It does say on the site that the machine is identified at a component level, leading me to believe that it could possibly be traced based on the machines MAC address. However, in the age of routers and home networks I don't see how you would be able to locate a stolen machine hidden behind a router/host device or if you changed network card.

    The specification sheet for the software is here:
    http://www.bossuk.com/Images/BRWEBTRACK.gif

    I have contacted the company several times but they have yet to return my calls. What I'm asking is if any of you think that what this company is offering is genuine non-removable laptop tracking software or simply a 'rootkit trojan-style' remote monitoring application which can be deactivated simply by formatting the machine, deleting the program itself or removing the programs service/autostart locations.

    Thanks for any advice or opinions you can offer.

    DCN
     
  2. MysticJohn

    MysticJohn Guest

    Hmm, I'd guess it uses some rootkit style technology, I know of another laptop tracking program called LoJack which performs a similar job, the FAQ is located here:

    http://www.lojackforlaptops.com/support.asp?section=faq&g=mb

    Still no explaination on how the software survives a reboot once the operating system has been formatted though... :S
     
  3. MysticJohn

    MysticJohn Guest

    Yeah I think I may have been right, looks like this application drops a file called RPCNet.exe and uses it to communicate with the server. They claim this application can survive a format, an fdisk and partition rewrite. If you find out how I'd be interested in knowing :p
     
  4. DCN

    DCN Registered Member

    Joined:
    Oct 1, 2005
    Posts:
    7
    Hi MysticJohn,

    Thanks for your replies, I have been looking into the program you mentioned and it seems that they all work in a similar way. After some searching I came up with this quote from Absolute software's John Livingston:

    Quote taken from: http://news.zdnet.com/2100-9584_22-954931.html

    Still I have no idea as to how the software would re-initialise itself after the file system and partition table were wiped out, regardless of operating system.
     
  5. MysticJohn

    MysticJohn Guest

    The zTrace software looks quite interesting:

    http://www.ztrace.com/FAQ.asp

    Seems it bypasses all anti-virus applications and 'the majority' of firewalls. I wonder if it can beat the likes of ZoneAlarm and Tiny or even ProcessGuard... :p
     
  6. Beef

    Beef Guest

    <RPCNet exe>


    Remote Precedure Call Net

    R P C Network = hook = trojan type
     
  7. Beef

    Beef Guest

    laptop retrival program

    There was a time back in the dark ages with such programs actually worked but in todays world these programs can usually be removed without much fuss (please do not ask how to remove as that would improper to discuss removal in a public forum where hackers could learn from such info)

    Let it be enough said just to know that any newbees could removed such a program in under one minute by using a easily obtainable tool.

    these programs are widely used by college bookstores that loan out laptops...........larger companies may employ such programs as well......but to purchase one of these laptop retrival program imo is a complete waste of money. Do they work.....yes, just a a trojan or virus will work.....an can be removed just as a trojan or virus can be removed....
     
  8. DCN

    DCN Registered Member

    Joined:
    Oct 1, 2005
    Posts:
    7
    Another thing I am quite concerned about here is that if companies such as these can create software which can survive an fdisk, format and partition table rewrite then fully reinitialise afterwards, whats stopping trojan and malware authors from doing the same thing with a virus?
     
  9. Beef

    Beef Guest

    ### Last Post Before Reformat ###




    DCN

    Your concern is highly valid an should be the concern of every computer User.
    However, alot of what you read may amount to nothing more than "smoke and mirrors" to sell a product.
    A person's experience would definitely come into play in a situation such as this. Many software vendors rely on the in-experience of computer Users....
    For a moment consider how many computers get infected by trojans and viruses... by also consider how many computers DO NOT GET INFECTED......now ask yourself: WHY IS THIS? In many cases its nothing more than a computer user's experience.....or perhaps just the luck of having installed the right PROGRAM for protection.
    Experience is a must have Tool. Experience may not actually be related to KNOWLEDGE. There are many highly experience computer users that can do things with computers that would shock you an yet would not have the KNOWLEDGE to network two side by side computers. That statement may confuse some people but it takes a moment to digest....an will leave to others to better explain. (notice at the top of this message that I am getting ready to reformat.........there is nothing wrong with this computer but "I feel there is something wrong" an experience person will take that "feeling" and begin searching....which is what I just did a few moments ago......an discovered several important files corrupted...... a person of knowledge would say "run it..its working" or "offer their knowledge in fixing the issues"
    The same applies to stealth trojans such as the one herein being discussed.........rpcnet would be ignorred by virus and trojan programs but its sure as hell is just a call-home trojan......a nicer guy would call rpcnet a software program......but I am not that polite........its a trojan thats been exploited by a software vendor to make a profit from.....its done all the time.
    Here the software vendor depends on the public not to have enough experience to see a rat as a rat instead they see a rat as a squirrel ....but in fact: a squirrel is a rat with a fluffy tail.............just as a trojan is a trojan even if called a software program. Having the experience to know a rat as a rat leads to "finding the knowledge" to remove the rat.
    As already mention..in this case...the Rat is very easy to remove....but does the software vendor want YOU to know that....of course not...would you purchase a program that can be so easy to remove....an the program is advertised as a security program...a tracking program...the holy grail of tracking..........yeah right.......any 10 year old can remove it........but I didn't tell you that LOL
    The point is: We, the computer users of the world....have been slammed....insulted.....and crapped on for years.......but there are a few computer user who got fed-up and got EXPERIENCE.....an moves about the internet sharing that experience.........there will always be trojans and virues......an there will always be someone out there with the experience to "feel" something is wrong with his os.....and there will always be someone out there with the KNOWLEDGE to help the person with the EXPERIENCE remove the BUG........its call TEAM WORK......an the security community does it better that just about any group in the world

    These days in seems common that when someone shares experience with others the Vendors find out and send Posters in to begin flaming.....its being done more and more..........when that begins.....just laugh it off. There is knowledge out there that is yet to be shared.....stay open minded.
     
Loading...
Thread Status:
Not open for further replies.