============================================================
		==============Spreading by P2P for Fun and Profit===========
		============================================================
		=====================by Rott_En/Helith======================
		============================================================
	 	~~~~~~~		       20 / 07 / 2005		     ~~~~~~~
				       --------------

	"I think paranoia can be instructive in the right doses. Paranoia is a
	skill." - John Shirley


	Table of contents:
	==================

	1. Introduction
	2. History or Maiby Not
	2.1 Malware on the P2P - Past and Future
 	2.2 Malware Social Engineering in P2P
	3. Most Common P2P Networks Architecture
	3.1 eDonkey Network
	3.1.1 eDonkey
	3.1.2 eMule
	3.1.3 MLNet
	3.2 FastTrack Network
	3.2.1 Kazaa
	3.2.2 Kazaa Lite
	3.2.3 Kazaa Lite Resurrection
	3.3 Gnutella Network
	3.3.1 Gnucleus
	3.3.2 Limewire
	3.3.3 BearShare
	3.3.4 BearShare Lite
	3.3.5 ZP2P
	3.4 Multinetworked P2P
	3.4.1 Ares
	3.4.2 AresLite
	3.5.3 Morpheus
	3.5.4 Shareaza
	3.5.5 SoulSeek
	4. Final Words
	5. References
	6. Greetz

	1. Introduction
	===============

	Regardless of other already present methods, in this paper I will discuss
about malware spreading via P2P networks which are these days heavily used,
constantly serving for terrabytes of download and upload processes every day.
	I would like to ask you, the readers, to excuse some of my english spelling
and grammar mistakers as my primary language is not english. Hopepefully in future
versions of this paper I will improve and fix content level "bugs".
	As for a good start of this paper I am thinking to let you all know that all
the information written here was published for study purposes only and I do not and
will never encourage illegal spreading of computer code with such features. This
can bring you a lot of legal troubles and could damage numerous computer systems if
not properly monitored.
	If you agree to the above then you take full responsability of your actions
and carry on with this lecture. If however for any reason you do not agree then please
close this document and delete it off your hard drive now!
	This paper is designed to inform and to proof the possibilities present for
successful spreading of computer worms via P2P File sharing networks. Do not spread,
just read and study the methods in a secured test lab to convince yourself.

	2. History or Maiby Not
	=======================

	P2P file sharing networks appeared out of the need to share large quantities
of data between large numbers of Internet users in the fastest and easyest way possible.
When Napster "hit" the Internet in the fall of 1999, its inventor - Shawn Fanning wanted
a faster way to find music then searching IRC or Lycos.
	After Napster had legal problems,
Justin Frankel (Nullsoft) set out to create a new similar network which was named
Gnutella. The capacity of this network was never enough for all incoming previous Napster
users so bottlenecks quickly appeared.
	The FastTrack network solved this problem with some of its network nodes "more equal
then others". Gnutella later adopted the FastTrack model, and most current peer-to-peer
networks follow this "standard" model as it allows for large and efficient file sharing
networks without central servers.
	The last generation of P2P networks that has reached the Internet are the ones with
anonimity features already built-in such as friend-to-friend communication and file
sharing, allowing only your friends list to connect to your computer and vice-versa. Examples
of such Anonymous P2P networks are : MUTE, Napshare, ANts P2P and/or Waste.
	For the scope of the curent version of this article it is very important to note
that anonymous P2P networks have not reached large usability because of the overhead bandwidth
required to send a file with each intermediary used. This is why the anonymous "third generation"
P2P networks will not be trated in this paper but in a later updated version of the document.
	As a last but not least point in the evolution of P2P networks it is to be noted that
developers at Pennsylvania State University in cooperation with Massachusetts Institute of
Technology Open Knowledge Initiative are working on an Academic P2P Network that is actually
a hybrid born out of the standards of the Gnutella network and will be used for sharing academic
materials between different academic institutions worldwide.
	The LionShare academic network users will not be anonymous as everybody was used to
for all other P2P networks username registration.  The purpose of this is to deter the
sharing of copyrighted material over the network, and thus avoid legal issues.

	2.1 Malware on the P2P - Past and Present. Maiby Future
	=======================================================

	It should be already cristal clear to all security concerned people that P2P networks
represent an excellent breeding ground for all sorts of malware. Less reliable then P2P traffic
worms exploiting vulnerabilities in P2P networks, their clients and components, worms that
intelligently find their places into sharing folders of installed clients on victim computers while
also using good social engineering names, filesizes and differnet file formats such as plain
binary, archived or whatever the malware coder chooses can and will always represent a big threat
to file sharing networks users which are estimated at millions.
	While planning to write such a worm to improve my coding skills I took a look on the source
code of some already written worms, some very old and some quite new. From P2P-Worm.Win32.Surnova.a
which uses quite simple Kazaa file sharing and up to P2P-Worm.Win32.Krepper.c (both Kaspersky names)
I have not found any attempt to properly detect and make use of the widely unencrypted P2P clients
settings files and registry settings that could permit a significant tweaking of the worm files
sharing and so forward spreading.
	Looking into DC++ client which in my country is widely used for metropolitan networks file
sharing, after 2 minutes I have come across its "DCPlusPlus.xml" main settings file located in the
client install folder. This is a typical unecrypted XML file that stores, beyond other information,
the paths to the registered client's file sharing directories as chosen by the user at configuration
time.
	I will get back to this subject in the coresponding section but for now all that is to be
mentioned is the fact that I have prooven at least to myself that much faster and reliable P2P
sharing techniques can be obtained for malware spreading by using the already existing insecure
settings files and registry keys of commong clients.
	For the future : an XML parsing method (in C# its quite easy and fast) can input the path
to a P2P worm's own sharing folder, together with the new md5 files hashed, ready for DC++ to
take as legitimatelly shared. Please read the DC++ section for more on this topic.

 	2.2 Malware Social Engineering in P2P
	=====================================

	Spreading by P2P is similar somehow to spreading by Instant Messaging software. For very much
time virus writers have used the IRC network to send DCC file transfer requests from infected hosts to
adjacent chatroom connections. The DCC file transfer of the worm's copy would be probably followed by
a query containing a message to fool the unsuspecting target into accepting the file and running it.
The difficulty to successfully socialy engineer someone is variable from person to person and relies
mainly on the victim's trust versus the person / computer / connection adressing him/she/it. A friend
could tell you : "Please accept this funny picture of me and my girlfriend". A JPG file at first view
can be nothing damaging but as we all know past GDI vulnerabilities have made JPG files quite dangerous
for non-patched systems.
	A worm can include messages such as "Accept this free screensaver collection.
They are simply great!", followed by a file transfer over IRC, as we where covering old IRC -type social
engineering.
	But when it comes to P2P networks the social engineering art can rely on file names of the worm's
copy (i.e. "Kaspersky Antihacker Crack.exe") and/or even root folder's name shared by the worm (i.e. lets
say the worm creates the folder "Cracks Collection" somewhere on the disk. The worm can then put its copyes
in that folder under different "attractive" names. When shared under i.e. DC++ the root folder name
"Cracks Collection" will look quite normal and many people will download the most populat "cracks" from there,
infecting themselves. ) <- very long "i.e." ha ? :)
	Not to mention about the power to actually fool hash checking of most P2P networks which is based on
MD5. Since 1997 MD5 is "supposed" to be vulnerable and still used as default "secure random hash alogorithm".
Well it seems that it is not so secure anymore. The selection of MD5 matters  the constraint that deployed
implementations of the one-way hash primitive be functionally identical has been broken, so why not take
this as is - a possible security breach in many systems using MD5 or even MD5 dependent.
	So I am not sure if to call this social engineering but it seems like it - its somewhat similar to
making a person believe that the file you are sending him is safe. You can insert a specially crafted
file into a P2P network that has the exact MD5 hash as a very popular downloaded file. It has been prooven
that 2 files can have the same MD5 hash so imagine a 4MB file giving you the space to introduce 108 bit of
code : assembler or shellscript would do just fine as a backdoor, and yes, after the malicious code is inside
the trusted file the result will still have the original "certified" MD5 hash.
	How to accomplish this is past the scope of this paper, I am sorry. But anyway hash collisions
mean any file can be corrupted, which is obviously rather... "bad" for the network.
	As a conclusion to my further notes of hash algorithms found in each of the analysed networks, it is
important to know that the attacker can:
	- Can break MD4; build a fake file with the same hash as an arbitrary (given) file.
	- Can break sha-1 in the same way, with the fake file producing an identical hashtree to the good one.
	- Can NOT build a fake file with both sha-1 and md4 good hashes at the same time.
	All which is true for MD4 versus SHA-1 is also true for MD5 versus SHA-1.

	3. Most Common P2P Networks Architecture
	========================================

	A P2P network design relies on the hardware and bandwidth resources of its clients rather then on the
resource of a relativelly limited number of own servers. Such networks are usefull for many purposes, more or
less legal. As these networks have grown and reached millions of users malware writers decided to use them
as a medium of spreading.
	Because a pure peer-to-peer file transfer network does not have the notion of clients or servers,
but only equal peer nodes that simultaneously function as both "clients" and "servers" to the other nodes
on the network, when such a "peer" gets infected by some form of malware it is most likely that others will
get the infection also via specially crafted and shared files containing the malicious code.
	Some of the older networks used a client-server aproach for some tasks and a P2P one for others. Such
examples are Napster (R.I.P.), OpenNap or IRC. Gnutella is considered however "a pure P2P network",
although it is greatly facilitated by directory servers that inform peers of the network addresses of other peers.
	A good note is that Peer-to-peer architecture embodies one of the key technical concepts of
the internet, described in the first internet Request for Comments, "RFC 1, Host Software" [1],
dated 7 April 1969.
	The most common attacks that can be achieved on P2P networks are :
	a. poisoning attacks
	b. denial of service attacks
	c. defection attacks
	d. insertion of viruses to carried data
	e. malware in the peer-to-peer network software itself
	f. filtering
	g. identity attacks
	h. spamming

	Following is a presentation of major P2P networks and the settings and features that their clients present
in the scope of improved P2P malware sharing.

	3.1 eDonkey Network
	===================

	For every common network I am going to skip the general description which is true for all as they are
decentralised networks using their peers to share files instead of servers.
	What was surprising to find out is that the eDonkey network uses MD4 hash algorithm to calculate
the signatures for "identical" files that are using different names. Another feature of eDonkey is
that it shares file segments before the download completes as this usually speeds up file distribution
throughout the network.
	Getting back to MD4 usage by eDonkey Network for hashing, according to the RSALabs FAQ,
collisions for the full version of MD4 can be found in under a minute on a typical PC so lets just say
that you can and "should" insert those nasty payloads in the eDonkey Network. Its just a matter of
time untill some malware will use this feature, I am sure.
	Being at this point I am also thinking to stress the fact that MD4 and MD5 problems are not new,
actually MD5 problems have been noted since 1997 but processor power was not that big in that year
to permit the proper processing of collisioned hashes.

	3.1.1 eMule
	===========

	eMule is one of the most populat and widely used P2P clients.

	a. Get its install folder from this registry path:
	"HKEY_CURRENT_USER\Software\eMule" & InstallPath
	b. The %InstallPath%\config folder contains all the eMule settings files. They are unencrypted
and ready to be "improved" with certain features such as a new share folder and better settings
	c. In the specified "config" folder you can edit "preferences" plain text file in order to
tweak the application in any way you want. Such settings include :
		- Nickname
		- Client connection ports
		- Minimum and maximum upload speed to make sure that your file is spreading
		- Reconnect should be set to true
	d. Hashing algorithm(s) used : MD4 + ICH (Intelligent Coruption Handling) -> not so intelligent

	3.1.2 MLNet
	===========

	MLNet is a multi-network P2P client. Previously known as mldonkey, it's been the heart inside
some other packages, as mlMac and xDonkey. Supporting Mac OS X, Linux, BSD, Solaris, and Win32. It
works as a core, which can be accesed, managed and controlled via Telnet, Webb (with your favorite
browser) or via a graphic interface. Its multi-net support actually covers the following networks:

	* eDonkey 2000
	* Overnet
	* Kademlia
	* BitTorrent
	* FastTrack (Kazaa)
	* Gnutella
	* G2 (Shareaza)

	3.2 FastTrack Network
	=====================

	FastTrack is widely known as a second generation P2P network. It is based on supernodes. This
concept relies on powerfull computers with stable networking resources that are automatically turned
into supernodes for other weaker clients to connect to and get the indexing tables.
	The most interesting part is downloading from multiple sources. For this to be possible, the
FastTrack protocol uses UUHash hashing algorithm. While very fast for hashing large quanitites of data
it is fairly easy to suffer frm unnoticed hashing collisions. Many people, as well as the RIAA,
have exploited this vulnerability to spread corrupt and fake files on the network.
	UUHash will hash the first 300 kilobytes using MD5 and then apply a custom smallhash function
to 300 KB blocks at file offsets 2^n MB with n being an integer incremented from 0 until the offset
reaches end of file. Finally the last 300 KB of the file are hashed. If the last 300 KB of the file
overlap with the last block of the 2^n sequence this block is ignored in favor of the file end block.
	Not considering the fact that this URI format is not RFC conformant, it is clear that UUHash
refers to the Base64-encoding of the hash and not the hash itself.

	3.2.1 Kazaa
	===========

	a. Get its install folder from this registry path:
	"HKEY_LOCAL_MACHINE\SOFTWARE\Kazaa\Temp" & "InstDir"

	b. Basic tweaks that should be made to this P2P client:
	"HKEY_LOCAL_MACHINE\SOFTWARE\Kazaa\Temp" & "LaunchAV" = 0
	"HKEY_LOCAL_MACHINE\SOFTWARE\Kazaa\Temp" & "Antivirus" = 0

	c. Set the local shared folder by writing it to the following registry key:
	"HKEY_LOCAL_MACHINE\SOFTWARE\Kazaa\CloudLoad" & "ShareDir"
	"HKEY_LOCAL_MACHINE\SOFTWARE\Altnet" & "SharedMediaDir2"

	d. Hashing algorithm(s) used : MD5


	3.2.2 Kazaa Lite
	================

	a. Get its install folder from this registry path:
	- not available -
	Can be obtained by looking into %ProgramFiles%\K-Lite

	b. Basic tweaks that should be made to this P2P client:
	"HKEY_CURRENT_USER\Software\K-Lite\Startpage" & "ULR of your choice here"

	c. Set the local shared folder by writing it to the following registry key:
	"HKEY_LOCAL_MACHINE\SOFTWARE\Kazaa\CloudLoad" & "ShareDir"

	d. Hashing algorithm(s) used : MD5

	3.2.3 Kazaa Lite Resurrection
	=============================

	a. Get its install folder from this registry path:
	- not available -
	Can be obtained by looking into %ProgramFiles%\Kazaa Lite Resurrection

	b. Basic tweaks that should be made to this P2P client:
	Similar to Kazaa Lite, contains a lot of tools for frequent Kazaa users.

	c. Set the local shared folder by writing it to the following registry key:
	"HKEY_LOCAL_MACHINE\SOFTWARE\Kazaa\CloudLoad" & "ShareDir"

	d. Hashing algorithm(s) used : MD5

	3.3 Gnutella Network
	====================

	Gnutella operates on a query flooding protocol. Its packet types are as follows:
    	- ping: discover hosts on network
    	- pong: reply to ping
    	- query: search for a file
    	- query hit: reply to query
    	- push: download request for firewalled servers

	Recent Gnutella extensions include intelligent query routing, SHA-1 checksums, query hit
	transmission via UDP, querying via UDP, dynamic queries via TCP, file transfers via UDP,
	XML meta data, source exchange a.k.a "the download mesh" and parallel downloading in slices.
	SHA-1 has its problems but is a bit more reliable then MD5!

	3.3.1 Gnucleus
	==============

	a. Get its install folder from this registry path:
	"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gnucleus_is1"
	& "InstallLocation"

	b. Basic tweaks that should be made to this P2P client:
	Look into the unecrypted "GnuCOnfig" present in this path:
	%InstallLocation%\Data\GnuConfig.ini . Here all the settings are present and you can
	virtually rewrite the file without any problem. Here is an example configuration:

	[Local]
	AutoConnect=1
	ConnectGnutella=1
	ConnectG2=1
	ForceGnuUltra=0
	ForceG2Hub=0
	TrayOnMin=1
	TrayOnClose=0
	[Scheduler]
	Active=0
	Connect=22:0
	Disconnect=8:0
	[Share]
	Dir0=c:\program files\gnucleus\downloads, Recursive
	ReplyFilePath=0
	MaxReplies=64
	SendOnlyAvail=0


	c. Set the local shared folder by writing it to the following file:
	%InstallLocation%\Data\GnuConfig.ini i.e.  :

	[Share]
	Dir0=c:\program files\gnucleus\downloads, Recursive
	ReplyFilePath=0
	MaxReplies=64
	SendOnlyAvail=0

	Or you can copy your files directly to: %InstallLocation%\Downloads


	d. Hashing algorithm(s) used : SHA-1

	3.3.2 Limewire
	==============

	a. Get its install folder from this registry path:

	b. Basic tweaks that should be made to this P2P client:

	c. Set the local shared folder by writing it to the following registry key:

	d. Hashing algorithm(s) used :

	3.3.3 BearShare
	===============

	a. Get its install folder from this registry path:
	- not available -
	Can be obtained by looking into %ProgramFiles%\BearShare

	b. Basic tweaks that should be made to this P2P client:
	%ProgramFiles%\BearShare\BearShare.dat seems to be briefly scrambled. Data
	is not plain text so for the resources vs. time scope it is not recommended
	to go into decryption, BearShare settings could be damaged at such an unsuccessfull
	attempt

	c. Set the local shared folder by writing it to the following registry key:
	- not avalable -
	Can be obtained by writing to the briefly encrypted settings file but this
	is not recommended, further testing will be made.

	d. Hashing algorithm(s) used : SHA-1

	3.3.4 BearShare Lite
	====================

	a. Get its install folder from this registry path:
	- not available -
	Can be obtained by looking into %ProgramFiles%\BearShare

	b. Basic tweaks that should be made to this P2P client:
	%ProgramFiles%\BearShare\BearShare.dat seems to be briefly scrambled. Data
	is not plain text so for the resources vs. time scope it is not recommended
	to go into decryption, BearShare settings could be damaged at such an unsuccessfull
	attempt

	c. Set the local shared folder by writing it to the following registry key:
	- not avalable -
	Can be obtained by writing to the briefly encrypted settings file but this
	is not recommended, further testing will be made.

	d. Hashing algorithm(s) used : SHA-1

	3.3.5 ZP2P
	==========

	a. Get its install folder from this registry path:
	- not available -
	Can be obtained by looking into %ProgramFiles%\ZP2P

	b. Basic tweaks that should be made to this P2P client:
	Look into the unecrypted "GnuCOnfig" present in this path:
	%InstallLocation%\Data\GnuConfig.ini . Here all the settings are present and you can
	virtually rewrite the file without any problem. Here is an example configuration:

	[Local]
	AutoConnect=1
	ConnectGnutella=1
	ConnectG2=1
	ForceGnuUltra=0
	ForceG2Hub=0
	TrayOnMin=1
	TrayOnClose=0
	ShowSplash=1
	StartAtStartup=0
	SwitchToTransfers=0
	HandleMagnetLinks=1
	HandleGnutellaLinks=1
	Paging=50
	[Scheduler]
	Active=0
	Connect=22:0
	Disconnect=8:0

	c. Set the local shared folder by writing it to the following file:
	%InstallLocation%\Data\GnuConfig.ini i.e.  :

	[Share]
	ReplyFilePath=0
	MaxReplies=64
	SendOnlyAvail=0

	Or you can copy your files directly to: %InstallLocation%\Downloads

	d. Hashing algorithm(s) used : SHA-1


	3.4 Multinetworked P2P
	======================

	The clients that are described in this section are multi-network applications
	that can connect to at least 2 different P2P networks. They are using the design and
	work methods of the respecting protocols and are able to communicate between them.
	A corect input of malicious files in the sharing folders of such multinetwork
	clients can be much more important then i.e. just going for FastTrack Network and/or
	Gnutella individually. The first step should be proper detection if such a multinetwork
	client is installed on the victim's computer and afterwards successfull propagation
	using the help of registry and settings file tweaks for the clients found on the system.
	Hashing algorithms are coresponding to the ones implemented in the supported
	networks.

	3.4.1 Ares
	==========

	a. Get its install folder from this registry path:
	- not available -
	Can be obtained by looking into %ProgramFiles%\Ares. I am going to consider this
	as %InstallFolder%.

	b. Basic tweaks that should be made to this P2P client:
	In %InstallFolder%\Data there is a file "P2PFilter". This file should be deleted
	or at least emptyed so that no content filters apply to the P2P client that the infected
	host is using, permitting the human behind the infected machine to download any other form
	of malware or usually "filtered" content.

	c. Set the local shared folder by writing it to the following registry key:
	- not available -
	You can copy your malcious files directly to %InstallFolder%\My Shared Folder

	d. Hashing algorithm(s) used : MD5

	3.4.2 AresLite
	==============

	a. Get its install folder from this registry path:
	- not available -
	Can be obtained by looking into %ProgramFiles%\Ares Lite Edition

	b. Basic tweaks that should be made to this P2P client:
	In %InstallFolder%\Data there is a file "P2PFilter". This file should be deleted
	or at least emptyed so that no content filters apply to the P2P client that the infected
	host is using, permitting the human behind the infected machine to download any other form
	of malware or usually "filtered" content.

	c. Set the local shared folder by writing it to the following registry key:
	- not available -
	You can copy your malcious files directly to %InstallFolder%\My Shared Folder

	d. Hashing algorithm(s) used : MD5

	3.4.3 Morpheus
	==============

	a. Get its install folder from this registry path:
	- not available -
	Can be obtained by looking into %ProgramFiles%\Morpheus

	b. Basic tweaks that should be made to this P2P client:
	Look into the unecrypted "MorphConfig.ini" present in this path:
	%InstallLocation%\Data\MorphConfig.ini . Here all the settings are present and you can
	virtually rewrite the file without any problem. Here is an example configuration:

	[Local]
	UpdateMode=2
	TrayOnMin=1
	TrayOnClose=1
	AutoConnect=1
	FirstRun=0
	RunOnStartup=0
	[Scheduler]
	Active=0
	Connect=22:0
	Disconnect=8:0
	[Filter]
	Pass=
	Active=&h
	Data=

	c. Set the local shared folder by writing it to the following file:
	%InstallLocation%\Data\MorphConfig.ini i.e.  :

	[Search]
	DoubleCheck=1
	ScreenNodes=0
	ShowInHome=0
	DownloadPath=C:\Program Files\Morpheus\Downloads

	Or you can copy your files directly to: %InstallLocation%\Downloads

	d. Hashing algorithm(s) used : SHA-1

	3.4.4 Shareaza
	==============

	a. Get its install folder from this registry path:
	"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Shareaza.exe"
	& "Path"

	b. Basic tweaks that should be made to this P2P client:
	It is a multinetwork type client supporting bittorent files. It has no special features
	or possible tweaks. Will be updated if found later.

	c. Set the local shared folder by copying your files into this path:
	%MyDocuments%\Downloads

	d. Hashing algorithm(s) used : SHA-1

	3.4.5 SoulSeek
	==============

	a. Get its install folder from this registry path:
	- not available -
	Can be obtained by looking into %ProgramFiles%\SoulSeek

	b. Basic tweaks that should be made to this P2P client:
	All configuration files reside unecrypted in the default install folder.

	c. Set the local shared folder by writing your folder path to the
	following file: %SoulSeek_InstallPath%\shared.cfg

	d. Hashing algorithm(s) used : SHA-1

	4. Final Words
	==============

	This paper's scope was reached. What is that the scope ? To proove that all the P2P
networks and their clients are mostly similar and suffer from the same "vulnerabilities" that
could and will allow any malware to alter their settings file, to tweak their functionality in any
way desired and to find and infiltrate their sharing folders.
	Many of the analysed P2P protocols are using insecure hashing algorithms. This can and
will provide collisions leading to maliciously crafted files that can fool even security
concerned people.
	I was astonished to find out that eMule network uses MD4 which is ... BAD ... and was also
happy to see that newer P2P clients are using SHA-1 for their hashing jobs, although SHA-1 is not
at all secure it is a bit more reliable then MD5 (not to mention MD4).
	I will update this paper in the near future as it was written a bit un a rush in order to
be accepted for rrlf#6. I thank all rRlf staf that supported me and waited for my last minute
submittion - thank you guys and "Happy 5th anniversary!" ;)

	5. References
	=============

	I have used mostly only the P2P clients installers in a virtual environment (to avoid
all the nasty spyware threats).
	Of great help was the usage of:
	www.google.com  ( :-D *g* )
	www.wikipedia.com  -> OpenBSD driven :))

	6. Greetz
	=========

	Salutations to all the vxers arround the world that have a clean mentality.
	Special thanks go out to : rembrandt, Slagehammerm SPTH, DiA, Metal_ and all
the people that I skipped because of the heat that I am suffering from .. damn summer...