Exploits Explained III: How to Kill the NetZero Banner Mini-Tutorial By Squiler and R a v e N http://blacksun.box.sk Direct questions to the message board at blacksun.box.sk Preface With the growing popularity of the Internet, many people want to see just what all the buzz is about. The only thing is that most people would rather not pay for it. Luckily there are services out now that give free Internet access. What's the catch? Well, actually there is none. You pay absolutley nothing to these services (and I stress these services, you still pay the phone bill of course). The only thing is that while using these services a banner pops up on the bottom of the screen (you can position it anywhere) and displays advertisements. The advertisers pay so you don't have to. One of the most popular of these services is called NetZero. Introduction When using NetZero, the most annoying thing is that banner at the bottom of the screen. Loading those ads lags your connection. This really isn't that bad especially since the service is free; except for the fact that you never click on any of those anyway. All the banner at the bottom of the screen does is slow you down and take up space. So you ask, how do I kill the banner? Well of course like anything, there is an exploit for this. This exploit is manual, which means you do it yourself. Sooner or later I'll write a program to do it. After getting some background information from a friend (who prefers to remain anonymous), I discovered this exploit pretty quickly. Background Ever look in a directory on your hard drive and see all those .dll files? Ever got the impression that they were just taking up space? Well actually DLL's are very important. First off, DLL stand for Dynamic Link Library. To understand what a DLL is and how one works, consider this. You have a computer with Windows 3.1 and you want to upgrade to Windows 95. So you go out and buy Windows 95, install it, and it works without a flaw (keeping in mind this example is hypothetical, Windows 95 will never run flawlessly). So you take all software you had on your old computer and start installing it. Now of course you expect the software you are installing to look the same in Windows 95 as they did in 3.1 After all, how could they change? They were made before Windows 95 was anyway. That's where you go wrong, and that's where DLL's come in. As soon as you start up one of the programs, you notice the title bar is different. It's a Windows 95 title bar, with an icon next to the name of the program, and an "x" button to close the program next to the traditional maximize and minimize buttons. You wonder how this is possible. The answer is in the DLL. There is DLL that all programs in Windows 95 access to get information. Since the DLL in Windows 95 had the same name as the one in Windows 3.1, the old program will access it as well. DLLs contain information on how to do something. This something could be connecting to the Internet, how to access your printer, or in this case, how to go and build a new window, how to design it etc'. The good thing about DLLs is that they: a) Can be loaded and unloaded when the program is done with the action the DLL was required for, which saves up some valuable memory. b) DLLs can be shared between several programs. For example: if you have two or more programs that have the option within them to start a PPP session with your dial-up Internet provider, they can all just use the same DLL, which means saving up some disk space (you won't have to have the same DLL stored on your hard drive three times). The Unix equivelants to DLLs are libraries ("libs"). Preparation Open up Windows Explorer and get to C:\Program Files\NetZero\bin. In this directory there is a file called 'net.dll'. Keep your attention on this file, because in just a few moments we will move it. Now without changing the directory, position the left side of the screen that only shows the directories so that you can see the directory where you are going to move 'net.dll'. This is so when you have to move the file, you won't have to go looking around for a place to put it. This is only done to speed up things, because timing in this exploit is an important factor. **Note: It isn't important where you move 'net.dll', as long as it is not in the NetZero directory and that you remember where you put it.** Carrying Out The Exploit Keeping Windows Explorer open, start up NetZero. Click 'connect' and wait for your modem to dial and connect. As soon as your modem stops screaching (if you have your modem speaker turned off, turn it back on using control panel --> modem), quickly switch back to Windows Explorer and move the 'net.dll' file to another directory. The connection will complete. At this point you would expect your browser to open and for the banner to pop up. But nothing happens. Don't worry, the connection is fine, and you won't get booted off. You have just fooled the banner program. When you're done using the Internet, just close your borwser and a prompt will come up to close NetZero. Or just double click on the icon in the toolbar at the bottom of the screen with the two computer screens. There should be a disconnect button on that. After you've signed off, move 'net.dll' back to C:\Program Files\NetZero\bin How This Exploit Works Obviously, the important part of this exploit is the file 'net.dll'. The NetZero start up program needs to access this file, that's why you have to move it back when you're done. The banner program needs to access this file too. If it can't find the file, the program just doesn't start. Strangley enough, it doesn't boot you off or anything. Lately when using this exploit I have noticed something though. The inactivity timeout rate is extremely low, like 5 minutes or something.