A rootkit is a program (or combination of several programs) designed to take fundamental control (in Unix terms "root" access, in Windows terms "Administrator" access) of a computer system, without authorization by the system's owners and legitimate managers. Access to the hardware (i.e., the reset switch) is rarely required, as a rootkit is intended to seize control of the operating system running on the hardware. Typically, rootkits act to obscure their presence on the system through subversion or evasion of standard operating system security mechanisms. Often they are also Trojans, thus fooling users into believing they are safe to run on their systems. Techniques used to accomplish this can include concealing running processes from monitoring programs, or hiding files or system data from the operating system. [1]
Rootkits may have originated as regular applications, intended to take control of a failing or unresponsive system, but in recent years they have largely been malware that helps intruders gain access to systems while avoiding detection. Rootkits exist for a variety of operating systems, such as Microsoft Windows, Mac OS X,[2][3] Linux and Solaris. Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules, depending on the internal details of an operating system's mechanisms.
The term rootkit or root kit originally referred to a maliciously modified set of administrative tools for a Unix-like operating system. If an intruder could replace the standard administrative tools on a system with a rootkit, the modified tools would give the intruder administrative control over the system while concealing his activities from the legitimate system administrator. The earliest known rootkit was written ca. 1990 by Lane Davis and Riley Dake for SunOS 4.1.1. There was an earlier, quite famous, exploit equivalent to a rootkit which was perpetrated by Ken Thompson of Bell Labs against a Naval Laboratory in California to win a bet. Thompson subverted the C compiler in a distribution of Unix to the Lab.
Rootkits were so named because they allowed an intruder to become a root user (i.e., the system administrator) of a Unix system. Since then, similar software has been developed for other operating systems, and the term rootkit has been broadened to include any software that surreptitiously alters an operating system so that an unauthorized user can take arbitrary control of the system.
Rootkits became much better known in 2005, when Sony BMG caused a scandal by including rootkit software on music CDs which altered the Windows OS to allow access to anyone aware of the rootkit's installation. Supposedly, this was done to enforce copy protection of the music on the CDs. The scandal following the discovery and subsequent public notice of this corporate-sponsored malware—a scandal made much worse by the clumsy and ill-informed statements of Sony executives—made many users previously unfamiliar with rootkits wary.
A successfully installed rootkit allows unauthorized users to act as system administrators, and thus to take full control of the 'rootkitted', or 'rooted', system. Secondary to this purpose, most rootkits hide files, network connections, blocks of memory, or registry entries (e.g., on Windows systems) from other programs used by system administrators to detect specially privileged accesses to computer system resources. However, a rootkit may masquerade as, or be intertwined with, other files, programs, or libraries that serve other purposes. It is important to note that while the utilities bundled with a rootkit may be maliciously intended, not every rootkit is malicious. Rootkits may be used for both productive and destructive purposes.
A rootkit which hides utility programs usually does so to abuse a compromised system, and often includes so-called "backdoors" to help the attacker subsequently access it at will. A simple example might be a rootkit which hides an application that spawns a command processing shell when the attacker connects to a particular network port on the system. Kernel rootkits may include similar functionality. A backdoor may also allow processes started by a non-privileged user to run as though they were started by a privileged user (including the root user) and to carry out functions normally reserved for the superuser.
Many other utility tools useful for abuse can be hidden using rootkits. These include tools for further attacks against computer systems with which the compromised system communicates, such as sniffers and keyloggers. A possible abuse is to use a compromised computer as a staging ground for further abuse (see zombie computer). This is often done to make the abuse appear to originate from the compromised system (or network) instead of the attacker's. Tools for such attacks can include denial-of-service attack tools, tools to relay chat sessions, and e-mail spam distribution. A major malicious use for rootkits is to allow the rootkit's programmer to see and access user names and log-in information of systems requiring them. Collection of such information from many systems (thousands or more) is easily possible. This makes rootkits even more hazardous, as it allows trojans to access this personal information while the rootkit covers it up.
It has become increasingly popular for virus writers to make use of rootkit technologies. The reason for this is obvious: they make it possible to hide malware from PC users and antivirus programs. Source code for numerous ready-made rootkits can be found on the Internet, which inevitably leads to their widespread use in various trojans, spyware programs, etc.
However, rootkits are not always used to attack and gain control of a computer. Some software may use rootkit techniques to hide from third-party scanners, so as to detect tampering or attempted break-ins without itself being detected. Some emulation software and security software is known to be using rootkits. [4] Alcohol 120% and Daemon Tools are commercial examples of the use of non-hostile rootkits.
Rootkit is a term now somewhat loosely applied to cloaking techniques and methods. [5]
There are at least five kinds of rootkits: firmware, virtualized, kernel, library, and application level kits.
A firmware rootkit uses device or platform firmware to create a persistent malware image. The rootkit can successfully hide in firmware because firmware is not often inspected for code integrity. John Heasman demonstrated the viability of firmware rootkits in both ACPI firmware routines[6] and in a PCI expansion card ROM.[7]
Virtualized rootkits work by modifying the boot sequence of the machine to load themselves instead of the original operating system. Once loaded into memory, the rootkit then loads the original operating system as a virtual machine, thereby enabling the rootkit to intercept all hardware calls made by the guest OS. The SubVirt laboratory rootkit, developed jointly by Microsoft and University of Michigan researchers, is one example of a virtual machine based rootkit (VMBR); Blue Pill is another.
Kernel level rootkits add code to and/or replace portions of an operating system, including both the kernel and associated device drivers. Most operating systems don't enforce any security distinctions between the kernel and device drivers. As such, many kernel mode rootkits are developed as device drivers or loadable modules, such as loadable kernel modules in Linux or device drivers in Microsoft Windows. This class of rootkit is perceived as dangerous simply because of the unrestricted access the code has obtained, regardless of the features the rootkit may employ. Any code operating at the kernel level may have serious impacts on the stability of the entire system if it contains mistakes. The first and original rootkits did not operate at the kernel level, but were simple replacements of standard programs at the user level. Although traditionally security advances were made first on Unix systems, the first kernel rootkit was developed for Windows NT 4.0 and released in the mid-1990s by Greg Hoglund.
Kernel rootkits can be especially dangerous because they can be difficult to detect. They are difficult to detect because they operate at the same level as the operating system, and thus can modify or subvert any request made by software on the running system. In a situation such as this, the system itself cannot be trusted. An accepted proper response in such a case is to perform system analysis offline, using a second 'trusted' system and mounting the hard drive of the infected system as a resource.
Library rootkits commonly patch, hook, or replace system calls with versions that hide information about the attacker. They can be found, at least theoretically, by examining code libraries (under Windows usually called DLLs) for changes, or by comparing them against the originally distributed (and so presumably rootkit-free) library package. In practice, the variety of modified libraries distributed with applications and service packs makes this harder than it should be.
Application level rootkits may replace regular application binaries with trojanized fakes, or they may modify the behavior of existing applications using hooks, patches, injected code, or other means.
Rootkit binaries can often be detected by signature or heuristics based antivirus programs, at least until they're run by a user and are able to attempt to conceal themselves. There are inherent limitations for any program that attempts to detect rootkits while the program is running under the suspect system. Rootkits are suites of programs that modify many of the tools and libraries upon which all programs on the system depend. Some rootkits attempt to modify the running kernel via loadable modules on Linux (and some other UNIX varieties), and through VxDs, virtual external drivers, on MS Windows platforms. The fundamental problem with rootkit detection is that if the operating system currently running has been subverted, it cannot be trusted, including when asked to find unauthorized modifications to itself or its components. In other words, actions such as requesting a list of all running processes, or a list of all files in a directory, cannot be trusted to behave as intended by the original designers. Rootkit detectors running on live systems currently only work because the rootkits they can detect have not yet been developed to hide themselves fully.
The best, and most reliable, method for rootkit detection is to shut down the computer suspected of infection, and then check its storage by booting from an alternative medium (e.g., a rescue CD-ROM or USB flash drive). A non-running rootkit cannot (ideally) hide its presence, and most established antivirus programs will identify rootkits by comparing the results of standard OS calls (which are often tampered with by the rootkit) against lower-level queries, which ought to remain reliable. If there is a difference, the presence of a rootkit infection should be assumed. Running rootkits attempt to protect themselves by monitoring running processes and suspending their activity until the scanning has finished; this is more difficult if the rootkit is not allowed to run.
Security software vendors have attempted a solution by integrating rootkit detection into traditional antivirus products. Should a rootkit decide to hide during scanning, it will be identified by the stealth detector. If it decides to temporarily unload from the system, the traditional antivirus will find it using fingerprint detection. Since antivirus products are almost never capable of catching all viruses in public tests, past performance gives reason to doubt this approach. But this combined approach may force attackers to implement counter-attack mechanisms (so-called retro routines) in their rootkit code that forcibly remove security software processes from memory, effectively killing the antivirus program. As with computer viruses, the detection and elimination of rootkits will be an ongoing struggle between tool creators on both sides of this conflict.
There are several programs available to detect rootkits. On Unix-based systems, three of the most popular are chkrootkit, rkhunter and OSSEC. For Windows, there are many free detection tools such as Sophos Anti-Rootkit, F-Secure Blacklight, Hypersight Rootkit Detector or Radix Anti-Rootkit. Another Windows detector is RootkitRevealer from Microsoft (formerly Sysinternals), which detects current rootkits by comparing the results from the OS to the actual listing read from the disk itself (cross-checking). However, some rootkits started to add RootkitRevealer to a list of files they do not hide from; in essence, they remove the differences between the two listings, and the detector doesn't report them (most notably the commercial rootkit Hacker Defender Antidetection). Another method is to compare the content of binaries present on disk with their copies in operating memory: some differences can be introduced by legitimate operating system mechanisms (e.g., memory relocation), but others can very likely be classified as system call hooks introduced by a running rootkit (System Virginity Verifier).
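The cross-view idea behind RootkitRevealer, applied to process listings on Linux as an added example (this is not the article's code nor any vendor's tool): a high-level view from /proc is compared with a low-level view obtained by probing PIDs with kill(pid, 0), and only PIDs missing from both of two /proc samples are reported, so processes that start or exit during the probe are not flagged. The /proc/sys/kernel/pid_max path and the thread-ID filter are Linux-specific assumptions.

```python
import os


def proc_view():
    """High-level view: PIDs enumerated by listing /proc. A library or
    kernel hook on readdir can filter entries out of this list."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def probe_view(max_pid):
    """Low-level view: kill(pid, 0) delivers no signal but reports whether
    the PID exists (EPERM means it exists and belongs to someone else)."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:   # ESRCH: no such process
            continue
        except PermissionError:      # EPERM: exists, not ours to signal
            pass
        alive.add(pid)
    return alive


def hidden_pids(high_before, low, high_after):
    """PIDs in the low-level view that appear in neither high-level sample.
    Sampling /proc before and after the probe drops processes that merely
    started or exited during the scan. Pure, so it can be checked on
    constructed views."""
    return sorted((low - high_before) - high_after)


def is_thread(pid):
    """True when pid is a thread ID rather than a thread-group (process) ID.
    kill() accepts thread IDs, but readdir on /proc lists only thread groups,
    so threads must not be reported as hidden processes."""
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        pass
    return False


def scan():
    """Run the cross-view check on this host. A rootkit that hooks the
    syscall table can lie to both views; this catches the common case of a
    hooked readdir or filtered /proc while kill() remains honest."""
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    except OSError:
        max_pid = 32768  # historical default, assumed when pid_max is unreadable
    before = proc_view()
    low = probe_view(max_pid)
    after = proc_view()
    return [p for p in hidden_pids(before, low, after) if not is_thread(p)]


if __name__ == "__main__":
    print("PIDs present in kill() view but absent from /proc:", scan())
```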
Zeppoo is another software product which detects rootkits under Linux and UNIX systems.
As always, prevention is better than cure, for being certain you have removed a rootkit typically involves re-installation of all software. If the integrity of the system install disks is trusted, cryptography can be used to monitor the integrity of the system. By "fingerprinting" the system files immediately after a fresh system install and then again after any subsequent changes made to the system (e.g., installing new software), the user or administrator will be alerted to any dangerous changes to the system's files. In the fingerprinting process a message digest is used to create a fixed-length "digest" dependent on every bit in the file being fingerprinted. By calculating and comparing message digest values of files at regular intervals, changes in the system can be detected.
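The fingerprinting procedure above, as an added example (not the article's own code): SHA-256 digests of every regular file under a directory are stored as a baseline and compared on a later run, with added, removed and modified files classified separately. The three-file "system" built in demo() is constructed for illustration.

```python
import hashlib
import json
import os
import tempfile

CHUNK = 1 << 16  # hash in 64 KiB pieces so large binaries need not fit in memory


def digest_file(path):
    """SHA-256 over every byte of the file: changing any bit changes the digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def fingerprint_tree(root):
    """Map every regular file under root (path relative to root) to its digest.
    Symlinks are skipped: a planted link could point the scanner at a clean copy."""
    fingerprints = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            fingerprints[os.path.relpath(full, root)] = digest_file(full)
    return fingerprints


def save_baseline(fingerprints, path):
    # The baseline must live on read-only or offline media: a rootkit running
    # as root can otherwise rewrite the baseline to match its own changes.
    with open(path, "w") as f:
        json.dump(fingerprints, f, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def compare(baseline, current):
    """Classify differences between two fingerprint maps."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(p for p in base_keys & cur_keys
                           if baseline[p] != current[p]),
    }


def write_file(root, rel, data):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo():
    """Constructed mini 'system': baseline it, change it, re-check it."""
    root = tempfile.mkdtemp()
    baseline_path = root + ".baseline.json"  # kept outside the monitored tree
    write_file(root, "bin/ps", b"original ps binary")
    write_file(root, "bin/ls", b"original ls binary")
    write_file(root, "sbin/init", b"original init binary")
    save_baseline(fingerprint_tree(root), baseline_path)

    # Changes made after the baseline (all constructed for this example):
    write_file(root, "bin/ps", b"replaced ps binary")       # modified tool
    write_file(root, "usr/lib/.hidden.so", b"new library")  # added file
    os.remove(os.path.join(root, "bin", "ls"))              # removed file

    return compare(load_baseline(baseline_path), fingerprint_tree(root))


if __name__ == "__main__":
    print(demo())
```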
Detection in firmware can be achieved by computing a cryptographic hash of the firmware and comparing hash values to a whitelist of expected values, or by extending the hash value into TPM (Trusted Platform Module) configuration registers, which are later compared to a whitelist of expected values. Code that performs hash, compare, and/or extend operations must itself not be compromised by the rootkit. The notion of a root-of-trust that a rootkit cannot alter, if implementable, ensures that the rootkit does not compromise the system at its most fundamental layer. Rootkit detection using a TPM is further described in Stopping Rootkits at the Network Edge, January 2007.
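Both firmware checks described above, as an added example that is not from the article or from any TPM vendor: a direct hash-versus-whitelist lookup, and the TPM extend operation PCR_new = SHA-256(PCR_old || measurement) replayed over an ordered boot chain so the final register value can be compared with a known-good value and the first divergent stage located. The boot components and golden digests are constructed stand-ins, not real firmware.

```python
import hashlib

PCR_INITIAL = bytes(32)  # SHA-256 PCRs 0-15 are all-zero after a TPM reset


def measure(component):
    """Digest of a component's bytes; this is what the measuring code records."""
    return hashlib.sha256(component).digest()


def extend(pcr, measurement):
    """TPM extend: PCR_new = SHA-256(PCR_old || measurement). The register can
    only move forward, so a component measured before a rootkit ran cannot be
    un-measured by it; only the measuring code itself must be trusted."""
    return hashlib.sha256(pcr + measurement).digest()


def replay_pcr(measurements):
    """Expected final PCR value for an ordered sequence of measurements."""
    pcr = PCR_INITIAL
    for m in measurements:
        pcr = extend(pcr, m)
    return pcr


def firmware_on_whitelist(image, whitelist_hex):
    """Direct check from the text: hash the image and look it up."""
    return measure(image).hex() in whitelist_hex


def verify_boot(components, expected_hex):
    """components: the byte images actually measured, in boot order.
    expected_hex: the golden boot's digests, in the same order.
    Returns (ok, index of the first divergent stage or None)."""
    actual = [measure(c) for c in components]
    expected = [bytes.fromhex(h) for h in expected_hex]
    if replay_pcr(actual) == replay_pcr(expected):
        return True, None
    for i, (a, e) in enumerate(zip(actual, expected)):
        if a != e:
            return False, i
    return False, min(len(actual), len(expected))  # one chain is longer


# Constructed stand-ins for a golden boot chain (not real firmware images).
GOLDEN_CHAIN = [b"BIOS core v1", b"ACPI tables v1", b"PCI NIC option ROM v1"]
GOLDEN_DIGESTS = [measure(c).hex() for c in GOLDEN_CHAIN]


def demo():
    tampered_rom = GOLDEN_CHAIN[:2] + [b"PCI NIC option ROM with added code"]
    extra_stage = GOLDEN_CHAIN + [b"unexpected pre-OS module"]
    return {
        "clean": verify_boot(GOLDEN_CHAIN, GOLDEN_DIGESTS),
        "rom_modified": verify_boot(tampered_rom, GOLDEN_DIGESTS),
        "extra_stage": verify_boot(extra_stage, GOLDEN_DIGESTS),
        "rom_whitelisted": firmware_on_whitelist(tampered_rom[2], {GOLDEN_DIGESTS[2]}),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```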
Many hold rootkit removal to be forbiddingly impractical. Even if the nature and composition of a rootkit is known, the time and effort of a system administrator with the necessary skills or experience would be better spent re-installing the operating system from scratch. Since drive imaging software makes the task of restoring a "clean" OS installation almost trivial, there is no good reason to try to dig a rootkit out directly. "I suppose traditional rootkits could be made to be as hard to remove as possible even when found, but I doubt there is much incentive for that, because the typical reaction of an experienced sysadmin on finding a rooted system is to save the data files, then reformat [and reinstall]. This is so even if the rootkit is very well known and can be removed 100%." —Rootkit Question
While most antivirus and malware removal tools remain ineffective against rootkits, tools such as BartPE and other Preinstallation Environments (PE) or live distros allow users to boot their computer with a fresh (presumably) "un-rooted" copy of the operating system. This allows users to examine and replace affected system files and delete offending rootkits of most types while keeping the underlying systems intact. Since most rootkits hook system files needed at the lowest level of the OS, booting into Safe Mode will not usually allow removal of the rootkit process. In contrast, PEs do not rely on the infected underlying system structure but instead load a clean read-only copy of the operating system, allowing full control and detection of the rootkit. While most administrators prefer a clean reinstall, a skilled administrator using a PE can often delete and clean a rooted system if a reinstall is not a viable option.
The key distinction between a computer virus and a rootkit relates to propagation. Like a rootkit, a computer virus modifies core software components of the system, inserting code which attempts to hide the "infection" and provides some additional feature or service to the attacker (i.e., the "payload" of a virus).
In the case of the rootkit, the payload may attempt to maintain the integrity of the rootkit (the compromise to the system): for example, every time one runs the rootkit's version of the ps command, it may check the copies of init and inetd on the system to ensure that they are still compromised, "re-infecting" as necessary. The rest of the payload is there to ensure that the intruder continues to control the system. This generally involves backdoors in the form of hard-coded username/password pairs, hidden command-line switches or 'magic' environment variable settings which subvert the normal access control policies of the uncompromised versions of the programs. Some rootkits may add port knocking checks to existing network daemons (services) such as inetd or sshd.
A computer virus can have any sort of payload. However, the computer virus also attempts to spread to other systems. In general, a rootkit limits itself to maintaining control of one system.
A program or suite of programs that attempts to automatically scan a network for vulnerable systems and to automatically exploit those vulnerabilities and compromise those systems is referred to as a computer worm. Other forms of computer worms work more passively, sniffing for usernames and passwords and using those to compromise accounts, installing copies of themselves into each such account (and usually relaying the compromised account information back to the intruder through some sort of covert channel).
There are also hybrids. A worm can install a rootkit, and a rootkit might include copies of one or more worms, packet sniffers or port scanners. Also, many of the e-mail worms are commonly referred to as "viruses." So all of these terms have somewhat overlapping usage and are often conflated.
Like much malware used by attackers, many rootkit implementations are shared and are easily available on the Internet. It is not uncommon to see a compromised system in which a sophisticated publicly available rootkit hides the presence of unsophisticated worms or attack tools that appear to have been written by inexperienced programmers.
Most of the rootkits available on the Internet are constructed as an exploit or "proof of concept" to demonstrate varying methods of hiding things within a computer system and of taking unauthorized control. Since these are often not fully optimized for stealth, they sometimes leave unintended evidence of their presence. Even so, when such rootkits are used in an attack they are often very effective.