attbi.com -> comcast.net [verbose and dull: for the truly curious]
Chuck Young
chyoung at attbi.com
Tue May 13 22:13:44 EDT 2003
I figured either the "wizard" knows the new info or it will need
to get it on 6/30. Curiosity got the better of me. If it
knows, maybe it could conceivably be reverse engineered by
reviewing scripts or running strings on the executable, etc. If
not, we all wait for the largest self-inflicted denial of service
attack when everyone seeks the same information at the same time
on 6/30, right?
Well, I just wanted to know what would happen when I ran that
wizard. Sorry for the lack of precision, I have spent too much
time as it is. I downloaded it and tried to break it apart
(could not unzip, was a .exe).
Looks like it runs an app/browser to get a value from a URL and
then springs into action when the following is returned (go=yes).
It must get settings from a URL as well to run the
reconfiguration scripts and set up the server to forward mail,
etc. No way to switch over manually early.
Here's the URL: http://monitor.attbi.com/monitor/reconfigure
BTW, it is not "uninstallable" and does not show up on the app
lists, etc.
=====details below - sorry about the wrapping, etc.======
OK, so I bit into it. It copies a few files (2 .dll's and 2
.exe's) and then whacks the registry...Here is what I got in
C:\Prog Files\Comcast\MigCfg\Data\Client.ini:
; Initialization file used for Logging
[GlobalDebug]
LogActive=TRUE
LogDevices=2
LogFlags=0x281 ;turns on LOG_ERROR, LOG_HISTORY, and LOG_ERRORCC
LogFile=history.txt
HexBase=TRUE
[Messaging]
SwitchURL=http://monitor.attbi.com/monitor/reconfigure
QueryURL=http://monitor.attbi.com/monitor/emailid
=========
History.txt:
HISTORY 05/13 21:34:14 IspBeg(IspBeg)
http://monitor.attbi.com/monitor/reconfigure
==========
Install.log:
*** Installation Started 05/13/2003 21:33 ***
Title: Transition Wizard
Source: C:\DOCUME~1\chy\LOCALS~1\Temp\GLB7.tmp
Made Dir: C:\Program Files\Comcast
Made Dir: C:\Program Files\Comcast\MigCfg
Made Dir: C:\Program Files\Comcast\MigCfg\data
Made Dir: C:\Program Files\Comcast\MigCfg\programs
Made Dir: C:\Program Files\Comcast\MigCfg\temp
File Copy: C:\Program Files\Comcast\MigCfg\data\Client.ini
File Copy: C:\Program Files\Comcast\MigCfg\programs\IspMig.exe
File Copy: C:\Program Files\Comcast\MigCfg\programs\IspBeg.exe
File Copy: C:\Program Files\Comcast\MigCfg\programs\GUTL.dll
File Copy: C:\Program Files\Comcast\MigCfg\programs\HttpDownload.dll
RegDB Key: Software\AT&T\SrvCon
RegDB Val: C:\Program Files\Comcast\MigCfg
RegDB Name: Path
RegDB Root: 2
RegDB Key: Software\AT&T\SrvCon
RegDB Val: 1.0.0.0120
RegDB Name: Version
RegDB Root: 2
RegDB Key: Software\AT&T\SrvCon
RegDB Val: SC
RegDB Name: ProductBase
RegDB Root: 2
RegDB Key: Software\AT&T\SrvCon\Messaging
RegDB Val:
RegDB Name: UpdateURL
RegDB Root: 2
RegDB Key: Software\AT&T\SrvCon\Messaging
RegDB Val: http://monitor.attbi.com/monitor/reconfigure
RegDB Name: SwitchURL
RegDB Root: 2
Self-Register: C:\Program Files\Comcast\MigCfg\programs\HttpDownload.dll
RegDB Key: Software\Microsoft\Windows\CurrentVersion\Run
RegDB Val: "C:\Program Files\Comcast\MigCfg\programs\ispbeg.exe"
RegDB Name: ServiceConfig
RegDB Root: 2
User Rights: Admin
/*OK, like a dope, I gave it root */
=======
switch.ini:
[Switch]
go=no
========
OK, so I actually ran the executable...now look at my history
file:
HISTORY 05/13 21:34:14 IspBeg(IspBeg)
http://monitor.attbi.com/monitor/reconfigure
ERROR 05/13 21:43:54 IspMig(GUTL) m_tsUserName: chy
ERROR 05/13 21:43:55 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=Reboot
HISTORY 05/13 21:44:33 IspMig(IspMig)
OnBtnNext() -Processing settings for :0x1 time
ERROR 05/13 21:44:33 IspMig(IspMig) Remove BJ: Forced
cfd.exe remove succeeds!
ERROR 05/13 21:44:33 IspMig(GUTL) CWNRegKey::Delete -
cannot open key
ERROR 05/13 21:44:33 IspMig(GUTL) CWNRegKey::Delete -
cannot open key
ERROR 05/13 21:44:33 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=BJCFD
ERROR 05/13 21:44:33 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=WORKFLO
ERROR 05/13 21:44:33 IspMig(GUTL) CWNRegKey::Delete -
cannot open key
ERROR 05/13 21:44:33 IspMig(GUTL) CWNRegKey::Delete -
cannot open key
ERROR 05/13 21:44:33 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=ATTRedUpate
ERROR 05/13 21:44:33 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=ATTIspMigSetup
ERROR 05/13 21:44:33 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=SCUpdate
ERROR 05/13 21:44:33 IspMig(GUTL) CWNRegKey::Delete -
cannot open key
ERROR 05/13 21:44:33 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=ATTBroadbandClient
ERROR 05/13 21:44:33 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=ATTBroadbandUpdate
ERROR 05/13 21:44:33 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=BroadbandClient
ERROR 05/13 21:44:33 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=SAClient
ERROR 05/13 21:44:33 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=SAUpdate
ERROR 05/13 21:44:33 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=BroadbandUpdate
ERROR 05/13 21:44:33 IspMig(GUTL) CWNRegKey::Delete -
cannot open key
ERROR 05/13 21:44:33 IspMig(GUTL) CWNRegKey::Delete -
cannot open key
ERROR 05/13 21:44:33 IspMig(IspMig)
CConfigureMgr::RemoveStartMenu try to remove C:\Documents and
Settings\(DELETED)\Start Menu\Programs\AT&T Broadband Internet
ERROR 05/13 21:44:33 IspMig(IspMig)
CConfigureMgr::RemoveStartMenu try to remove C:\Documents and
Settings\All Users\Start Menu\Programs\AT&T Broadband Internet
ERROR 05/13 21:44:33 IspMig(IspMig)
CConfigureMgr::RemoveStartMenu try to remove C:\Documents and
Settings\(DELETED)\Start Menu\Programs\Comcast High-Speed
Internet
ERROR 05/13 21:44:33 IspMig(IspMig)
CConfigureMgr::RemoveStartMenu try to remove C:\Documents and
Settings\All Users\Start Menu\Programs\Comcast High-Speed
Internet
ERROR 05/13 21:44:34 IspMig(IspMig) No Email ID to query
ERROR 05/13 21:44:34 IspMig(IspMig) No Email ID to query
ERROR 05/13 21:44:37 IspMig(GUTL) Begin to configure for
user 0: Administrator
ERROR 05/13 21:44:38 IspMig(IspMig) No Email ID to query
ERROR 05/13 21:44:38 IspMig(IspMig) No Email ID to query
ERROR 05/13 21:44:38 IspMig(GUTL) CWNRegKey::Delete -
cannot open key
ERROR 05/13 21:44:38 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=ATTBroadbandClient
ERROR 05/13 21:44:38 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=ATTBroadbandUpdate
ERROR 05/13 21:44:38 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=BroadbandClient
ERROR 05/13 21:44:38 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=SAClient
ERROR 05/13 21:44:38 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=SAUpdate
ERROR 05/13 21:44:38 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=BroadbandUpdate
ERROR 05/13 21:44:38 IspMig(GUTL) CWNRegKey::Delete -
cannot open key
ERROR 05/13 21:44:38 IspMig(GUTL) CWNRegKey::Delete -
cannot open key
ERROR 05/13 21:44:38 IspMig(IspMig)
CConfigureMgr::RemoveStartMenu try to remove C:\Documents and
Settings\Administrator\Start Menu\Programs\AT&T Broadband
Internet
ERROR 05/13 21:44:38 IspMig(IspMig)
CConfigureMgr::RemoveStartMenu try to remove C:\Documents and
Settings\All Users\Start Menu\Programs\AT&T Broadband Internet
ERROR 05/13 21:44:38 IspMig(IspMig)
CConfigureMgr::RemoveStartMenu try to remove C:\Documents and
Settings\Administrator\Start Menu\Programs\Comcast High-Speed
Internet
ERROR 05/13 21:44:38 IspMig(IspMig)
CConfigureMgr::RemoveStartMenu try to remove C:\Documents and
Settings\All Users\Start Menu\Programs\Comcast High-Speed
Internet
ERROR 05/13 21:44:38 IspMig(GUTL) End to configure for
user: Administrator
ERROR 05/13 21:44:38 IspMig(GUTL) Begin to configure for
user 1: (DELETED)
ERROR 05/13 21:44:38 IspMig(GUTL) No need to configure for
user (DELETED) since it is current user
ERROR 05/13 21:44:38 IspMig(GUTL) Begin to configure for
user 2: (DELETED)
ERROR 05/13 21:44:39 IspMig(IspMig) No Email ID to query
ERROR 05/13 21:44:39 IspMig(IspMig) No Email ID to query
ERROR 05/13 21:44:39 IspMig(GUTL) CWNRegKey::Delete -
cannot open key
ERROR 05/13 21:44:39 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=ATTBroadbandClient
ERROR 05/13 21:44:39 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=ATTBroadbandUpdate
ERROR 05/13 21:44:39 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=BroadbandClient
ERROR 05/13 21:44:39 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=SAClient
ERROR 05/13 21:44:39 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=SAUpdate
ERROR 05/13 21:44:39 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=BroadbandUpdate
ERROR 05/13 21:44:39 IspMig(GUTL) CWNRegKey::Delete -
cannot open key
ERROR 05/13 21:44:39 IspMig(GUTL) CWNRegKey::Delete -
cannot open key
ERROR 05/13 21:44:39 IspMig(IspMig)
CConfigureMgr::RemoveStartMenu try to remove C:\Documents and
Settings\(DELETED)\Start Menu\Programs\AT&T Broadband Internet
ERROR 05/13 21:44:39 IspMig(IspMig)
CConfigureMgr::RemoveStartMenu try to remove C:\Documents and
Settings\All Users\Start Menu\Programs\AT&T Broadband Internet
ERROR 05/13 21:44:39 IspMig(IspMig)
CConfigureMgr::RemoveStartMenu try to remove C:\Documents and
Settings\(DELETED)\Start Menu\Programs\Comcast High-Speed
Internet
ERROR 05/13 21:44:39 IspMig(IspMig)
CConfigureMgr::RemoveStartMenu try to remove C:\Documents and
Settings\All Users\Start Menu\Programs\Comcast High-Speed
Internet
ERROR 05/13 21:44:39 IspMig(GUTL) End to configure for
user: (DELETED)
ERROR 05/13 21:44:39 IspMig(GUTL) Begin to configure for
user 3: Guest
ERROR 05/13 21:44:39 IspMig(GUTL) Failed to Call
RegLoadKey, error code is 3, file is C:\Documents and
Settings\Guest\NtUser.dat
ERROR 05/13 21:44:39 IspMig(GUTL) Begin to configure for
user 4: (DELETED)
ERROR 05/13 21:44:40 IspMig(IspMig) No Email ID to query
ERROR 05/13 21:44:40 IspMig(IspMig) No Email ID to query
ERROR 05/13 21:44:40 IspMig(GUTL) CWNRegKey::Delete -
cannot open key
ERROR 05/13 21:44:40 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=ATTBroadbandClient
ERROR 05/13 21:44:40 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=ATTBroadbandUpdate
ERROR 05/13 21:44:40 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=BroadbandClient
ERROR 05/13 21:44:40 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=SAClient
ERROR 05/13 21:44:40 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=SAUpdate
ERROR 05/13 21:44:40 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=BroadbandUpdate
ERROR 05/13 21:44:40 IspMig(GUTL) CWNRegKey::Delete -
cannot open key
ERROR 05/13 21:44:40 IspMig(GUTL) CWNRegKey::Delete -
cannot open key
ERROR 05/13 21:44:40 IspMig(IspMig)
CConfigureMgr::RemoveStartMenu try to remove C:\Documents and
Settings\(DELETED)\Start Menu\Programs\AT&T Broadband Internet
ERROR 05/13 21:44:40 IspMig(IspMig)
CConfigureMgr::RemoveStartMenu try to remove C:\Documents and
Settings\All Users\Start Menu\Programs\AT&T Broadband Internet
ERROR 05/13 21:44:40 IspMig(IspMig)
CConfigureMgr::RemoveStartMenu try to remove C:\Documents and
Settings\(DELETED)\Start Menu\Programs\Comcast High-Speed
Internet
ERROR 05/13 21:44:40 IspMig(IspMig)
CConfigureMgr::RemoveStartMenu try to remove C:\Documents and
Settings\All Users\Start Menu\Programs\Comcast High-Speed
Internet
ERROR 05/13 21:44:40 IspMig(GUTL) End to configure for
user: (DELETED)
ERROR 05/13 21:44:40 IspMig(IspMig) Reached end of
processsing.
HISTORY 05/13 21:47:27 IspBeg(IspBeg)
http://monitor.attbi.com/monitor/reconfigure
HISTORY 05/13 21:47:32 IspBeg(IspBeg)
http://monitor.attbi.com/monitor/reconfigure
ERROR 05/13 21:47:38 IspMig(GUTL) m_tsUserName: (DELETED)
ERROR 05/13 21:47:39 IspMig(GUTL) CWNRegKey::DeleteValue -
RegDeleteValue failed, name=Reboot
=========UGG====================
-----Original Message-----
From: discuss-admin at blu.org [mailto:discuss-admin at blu.org] On Behalf Of nmeyers at javalinux.net
Sent: Monday, May 12, 2003 7:18 AM
To: Robert La Ferla
Cc: discuss at blu.org
Subject: Re: attbi.com -> comcast.net
On Mon, May 12, 2003 at 12:52:10AM -0400, Robert La Ferla wrote:
> Comcast sent out a mass-mailing detailing the transition from attbi.com
> to comcast.net on 6/30. Unfortunately, they have created "special"
> software for Windows and Mac to do the conversion. They indicate that
> they do not have software for Linux but manual instructions should be
> available on 6/30. Of course, that gives no one any advance notice.
> So, has anyone looked at what needs to change? Has anyone contacted
> tech support to ask and/or complain?
My interpretation of that page is that there will be new email servers.
They haven't worked out all the details - or maybe they don't want people
switching too early - so instead they're apparently distributing a benign
virus to Windows and Mac users that'll install the right settings in
various common clients when Comcast broadcasts them. Sort of a reverse
DDOS attack :-). Kinda frightening, isn't it?
Nathan Meyers
nmeyers at javalinux.net
_______________________________________________
Discuss mailing list
Discuss at blu.org
http://www.blu.org/mailman/listinfo/discuss
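A triage sketch for the Install.log quoted in the message above, added here as an example and not part of the original thread or of the wizard itself: it groups the RegDB Key/Val/Name/Root lines into registry writes and flags the two things a reviewer would check first, the autostart entry and any setting that points at a plain-HTTP URL. The names `SAMPLE_LOG`, `parse_regdb` and `triage` are hypothetical, and the sample is a constructed excerpt of the log with its line wrapping undone.

```python
import re
# Constructed sample: three records taken from the Install.log in the post.
SAMPLE_LOG = r"""
RegDB Key: Software\AT&T\SrvCon\Messaging
RegDB Val:
RegDB Name: UpdateURL
RegDB Root: 2
RegDB Key: Software\AT&T\SrvCon\Messaging
RegDB Val: http://monitor.attbi.com/monitor/reconfigure
RegDB Name: SwitchURL
RegDB Root: 2
RegDB Key: Software\Microsoft\Windows\CurrentVersion\Run
RegDB Val: "C:\Program Files\Comcast\MigCfg\programs\ispbeg.exe"
RegDB Name: ServiceConfig
RegDB Root: 2
"""

FIELD = re.compile(r"^RegDB (Key|Val|Name|Root):\s*(.*)$")
AUTORUN = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)

def parse_regdb(text):
    """Group RegDB Key/Val/Name/Root lines into one dict per registry write."""
    records, current = [], {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue  # not a registry line (File Copy, Made Dir, ...)
        field, value = m.group(1), m.group(2).strip()
        if field == "Key" and current:  # a new Key line starts the next record
            records.append(current)
            current = {}
        current[field] = value
    if current:
        records.append(current)
    return records

def triage(records):
    """Return (kind, value name, value data) findings for review."""
    findings = []
    for r in records:
        key, val, name = r.get("Key", ""), r.get("Val", ""), r.get("Name", "")
        if AUTORUN.search(key):  # program started at every logon
            findings.append(("autorun", name, val))
        if val.lower().startswith("http://"):  # setting fetched without TLS
            findings.append(("cleartext-url", name, val))
    return findings

if __name__ == "__main__":
    print(*triage(parse_regdb(SAMPLE_LOG)), sep="\n")
```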