
Network ICE BlackICE Defender - SPY TOOL


nils holgersson


Network ICE BlackICE Defender, one of the best-known anti-hacker tools, aggressively marketed now in almost any known computer magazine and technical literature, also famous due to its authors and company founders, three famous security experts from Network Associates (NAI), the parents of the best-known security products from the same NAI,

 

IS IN FACT A SPY TOOL, WHICH PROTECTS YOUR NETWORK/COMPUTER FROM EXTERNAL ATTACKS, BUT ALSO SPIES ON YOU, IN THE BACKGROUND, SENDING YOUR MOST SENSITIVE DATA TO AN IP ADDRESS LOCATED ON A SERVER BELONGING TO Network ICE Corp.!

 

YOU CAN ALSO HAVE INSTALLED OTHER FAMOUS FIREWALLS, FROM NAI, CHECKPOINT, ISS, NETGUARD, SIGNAL 9 SOLUTIONS, ALL ARE BYPASSED BY THE Black ICE Defender, WITHOUT ANY WARNING !!!

 

For those without any firewall, NetICE completely overrides any configuration made by the user/administrator regarding Internet access. If you configured, e.g., a manually security-checked dial-up, BlackICE ignores it and breaks through, without any warning!

Tests were made with telemodems, ISDN modems and cable/ADSL modems!

 

It seems that the founders of Network ICE Corp. had access to special information from Microsoft when they designed their BlackICE Defender, which exploits some secret backholes in the design of the Microsoft operating systems. Without any doubt, no private persons, but high officials from the US federal authorities, are well aware of these issues. It seems that this is one area where the US government wants to completely control and intercept any kind of Internet traffic and external networks.

 

Programs like NetBus or Back Orifice are simply toys made by computer enthusiasts, compared to the lethal weapon which Network ICE Corp.'s BlackICE Defender in fact is!

 

The simple fact that it can break through the most powerful firewalls existing on the market today, and is marketed as a security guarantor for your network/computer - which is true - BUT... also spies on your network with an unprecedented level of sophistication, is really icy.

 

 

 

For those interested, some details (BlackICE 1.94):

--------------------------------------------------

 

1. decompile setup.ins and check the following addresses: 000000a0 to 00000330, 00000970 to 000010f0, 00003870 to 00003a80,0003fb0 to 00004180, 00004a60 to 00004eb0.

 

2. check blackd.exe at addresses: 0006cf20 to 0006e180, 0006e330 to 0006e530, 0006fde0 to 0007e30, 00070ca0 to 00072060, 000722e0 to 00072390.

 

3. check in blackd.log the following: heartbeat, heartbeat.traffictimeout, heartbeat.interval, heartbeat.lastcfg, trust.issue + the other rows.

 

NetICE monitors when the computer is unattended and starts the connection to the Network ICE Corp. server. If you come back and start working, BlackICE disconnects in the background and automatically changes the waiting time for the next attempt to reconnect to the Network ICE server (the heartbeat.interval parameter).

 

4. Also, NetICE temporarily disables the protection against external attacks when the tcpprobe (the signature) of the attack comes from the Network ICE server (see exclude.issue = 2000413 2000412 2000304 in blackice.ini).

 

5. check in blackdll.dll the following addresses: 00010810 to 000109b0, 00014380 to 00014ac0 (literally the content of your registry is sent to Network ICE server - so they know exactly your identity and the content of your computer).

 

6. check also blackd-old.log

 

7. check blackdrv.sys at addresses: 00006800 to 00006b80, 00007760 to 00007b40.

 

8. check blackice.exe at addresses: 0002d690 to 0002e640, 0002fbe0 to 00030330.

 

9. Network ICE assigns to you a unique identification code (from their database), which can trace your computer, EVEN IF YOU HAVE PHYSICALLY CHANGED THE INTERNET CONNECTION OR PROVIDER AND SUBSEQUENTLY YOUR REAL IP ADDRESS!! (check guid.txt: {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}).

 

10. check sigs.ini.

 

11. Try to manually stop the hidden service: Blackd! Well, the system JUST REBOOTS!!! YOU CAN'T STOP IT! ONLY COMPLETELY REMOVING IT FROM THE SYSTEM AND SEARCHING THE REGISTRY FOR ANY KEY ("Network ICE", "Net ICE", "ICE", "Black") AND DELETING IT helps to completely clean your system!
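
An added example, not part of the original post and not Network ICE code: a small audit script that pulls the settings the post names (`heartbeat.*`, `trust.issue`, `exclude.issue`) out of a configuration or log file and looks for a GUID-style identifier, so the values can be inspected on a given installation. The `key = value` layout is assumed from the one `exclude.issue` line quoted in the post; the function names and the sample text (including its numeric values other than the three issue IDs) are constructed for illustration.

```python
import re

# Setting names the post tells readers to look for (assumed "key = value" layout).
WATCHED_PREFIXES = ("heartbeat", "trust.issue", "exclude.issue")
KV_LINE = re.compile(r"^\s*([A-Za-z][\w.]*)\s*=\s*(.*?)\s*$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def audit_settings(text):
    """Return {key: [(line_no, value), ...]} for the watched settings."""
    found = {}
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith((";", "#")):
            continue  # skip comment lines
        m = KV_LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key.startswith(WATCHED_PREFIXES):
            found.setdefault(key, []).append((line_no, value))
    return found


def excluded_issue_ids(found):
    """Flatten every exclude.issue value into a sorted list of numeric IDs."""
    ids = set()
    for _, value in found.get("exclude.issue", []):
        ids.update(int(t) for t in re.split(r"[\s,]+", value) if t.isdigit())
    return sorted(ids)


def find_guids(text):
    """Return identifiers in the {8-4-4-4-12} hexadecimal form."""
    return GUID.findall(text)


# Constructed sample, not taken from a real installation.
SAMPLE = """\
; constructed blackice.ini fragment
heartbeat.interval = 3600
heartbeat.traffictimeout = 120
exclude.issue = 2000413 2000412 2000304
log.level = 2
"""

if __name__ == "__main__":
    settings = audit_settings(SAMPLE)
    for key, hits in sorted(settings.items()):
        print(key, hits)
    print("excluded issue IDs:", excluded_issue_ids(settings))
```

The line numbers in the result point back to the file, so each reported setting can be checked by hand against what the product documentation says it does.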


Archived

This topic is now archived and is closed to further replies.
