Circumventing Antivirus via Transmutation
Researchers at Kumatori Accelerator-driven Reactor Test Facility (KART) (Economist article, if you subscribe) have discovered a way to forcibly decay radioactive waste (neptunium, plutonium, americium, curium, etc.) into less-lethal isotopes of elements that are only radioactive for years, instead of tens of thousands or tens of million years. Essentially, they slam radioactive waste with a neutron beam that adds mass to the radioactive waste, causing it to transmutate into another element, which in turn causes it to decay faster. This got me thinking, if you can slam an element with with a neutron beam to create a new element, well, maybe you can do the same thing to a file in order to avoid "pesky Anti-Virus"?
Well, it seems you can. A good example of this is Holy Father's Morphine. Morphine works by including its own PE loader. This enables it to put whole source image to the .text section of new PE file. It also contains a polymorphic engine which always creates absolutely different decryptor for the new PE file each time Morphine is run. Morphine was released in March of 2004, and the major Antivirus companies did not have a method of generically detecting "Morphined" executables until Q4 2005. The private version of Morphine still creates verisons of binaries that are undetectable to every Antivirus maker on the market.
Other ideas are simply to rearrange the executable so that it does essentally "the same thing", but modify the underlying instructions of the binary. An example would be to move the value in the edx register into the eax register. Typically, the program would do a mov edx, eax instruction to accomplish this. Well, a push eax followed by a pop edx will do effectively the same thing as a mov edx,eax --- take the value in edx and put it into eax. You see where I am going here, we can totally modify the static signature of the binary in this process. But, does it work....
....Well, not really. If I take a 3 byte instruction (mov edx, eax) and replace it with two 2 byte instructions (push eax and pop edx), I have changed the offset within the program by one byte. This means that every jump, every call in the program will be off by one byte, meaning the program will no longer work. Three possible solutions to this problem:
1. Only substitute equal size instructions
2. Recalculate all jumps and calls after the insertion or deletion of the total number of bytes.
3. Write our own trojan/virus, or whatever we are trying to accomplish (not the focus of this article though)
Ok, well if we do some googling, someone has already attempted #1. A guy named z0mbie already wrote a program called code pervertor that did this. Unfortunately, it didnt work very well as the heueristic engine in most AVs can catch these simple modifications. For #3, go ahead a create your own trojan or virus. But this is not an option if you aren't a trojan writer or programmer, or dont have the time to learn.
For #2, we actually find that another guy, tibbar, has created a very cool program to do just this. He calls his program CodeCrypter. He was nice enough to email me a verision with source to play with. You can see the result of tibbar's CodeCrypter here. You can see in the first column the address of the instruction, in the next, is the original instruction, and in the last is the new instruction(s) . Well, how does it work? Pretty well, most AV will be defeated by it. If you take a standard program you know AV will freak out out (Hacker Defender) and send it over to one of many sites that will check a binary against all 20 AV companies (I use virustotal.com), you will get a report similar to this:
This is a report processed by VirusTotal on 04/05/2006 at 00:03:33 (CET) after scanning the file "hxdef100.exe" file.
Note: The only Antivirus that doesnt find Hacker Defender is CA's eTrust. I can't believe anyone would attempt selling something even called "Antivirus" if it didnt at least find Hacker Defender. If you have eTrust installed, it is just wasting processor cycles, you are better off virtually folding protiens or something.
Anyway, if we run the binary through tibbar's code cryptor, we get much better results:
This is a report processed by VirusTotal on 04/05/2006 at 00:20:29 (CET) after scanning the file "hxdef100.exe" file.
The only "big name" Antivirus to discover the modified program is Kaspersky. All of the big guns, Symantec, McAfee, Sophos, Clam-AV are circumvented! Of course eTrust likely thinks this new version of the binary is winword.exe or something. ;)
So, why is it detected at all? Well, the version of CodeCrypter that I used retained the same OEP (original entry point). I suspect if this was randomized, all AV would be circumvented.
Comments? Suggestions?
~jack koziol~
Well, it seems you can. A good example of this is Holy Father's Morphine. Morphine works by including its own PE loader. This enables it to put whole source image to the .text section of new PE file. It also contains a polymorphic engine which always creates absolutely different decryptor for the new PE file each time Morphine is run. Morphine was released in March of 2004, and the major Antivirus companies did not have a method of generically detecting "Morphined" executables until Q4 2005. The private version of Morphine still creates verisons of binaries that are undetectable to every Antivirus maker on the market.
Other ideas are simply to rearrange the executable so that it does essentally "the same thing", but modify the underlying instructions of the binary. An example would be to move the value in the edx register into the eax register. Typically, the program would do a mov edx, eax instruction to accomplish this. Well, a push eax followed by a pop edx will do effectively the same thing as a mov edx,eax --- take the value in edx and put it into eax. You see where I am going here, we can totally modify the static signature of the binary in this process. But, does it work....
....Well, not really. If I take a 3 byte instruction (mov edx, eax) and replace it with two 2 byte instructions (push eax and pop edx), I have changed the offset within the program by one byte. This means that every jump, every call in the program will be off by one byte, meaning the program will no longer work. Three possible solutions to this problem:
1. Only substitute equal size instructions
2. Recalculate all jumps and calls after the insertion or deletion of the total number of bytes.
3. Write our own trojan/virus, or whatever we are trying to accomplish (not the focus of this article though)
Ok, well if we do some googling, someone has already attempted #1. A guy named z0mbie already wrote a program called code pervertor that did this. Unfortunately, it didnt work very well as the heueristic engine in most AVs can catch these simple modifications. For #3, go ahead a create your own trojan or virus. But this is not an option if you aren't a trojan writer or programmer, or dont have the time to learn.
For #2, we actually find that another guy, tibbar, has created a very cool program to do just this. He calls his program CodeCrypter. He was nice enough to email me a verision with source to play with. You can see the result of tibbar's CodeCrypter here. You can see in the first column the address of the instruction, in the next, is the original instruction, and in the last is the new instruction(s) . Well, how does it work? Pretty well, most AV will be defeated by it. If you take a standard program you know AV will freak out out (Hacker Defender) and send it over to one of many sites that will check a binary against all 20 AV companies (I use virustotal.com), you will get a report similar to this:
This is a report processed by VirusTotal on 04/05/2006 at 00:03:33 (CET) after scanning the file "hxdef100.exe" file.
| Antivirus | Version | Update | Result |
| AntiVir | 6.34.0.14 | 04.04.2006 | BDS/HacDef.073.B.1 |
| Avast | 4.6.695.0 | 04.03.2006 | Win32:Hacdef-G |
| AVG | 386 | 04.04.2006 | BackDoor.Generic.XPG |
| Avira | 6.34.0.54 | 04.04.2006 | BDS/HacDef.073.B.1 |
| BitDefender | 7.2 | 04.04.2006 | Backdoor.Hacdef.AE |
| CAT-QuickHeal | 8.00 | 04.04.2006 | Backdoor.HacDef.ae |
| ClamAV | devel-20060202 | 04.04.2006 | Trojan.HacDef.073.B |
| DrWeb | 4.33 | 04.04.2006 | BackDoor.HackDef.134 |
| eTrust-InoculateIT | 23.71.119 | 04.04.2006 | no virus found |
| eTrust-Vet | 12.4.2148 | 04.04.2006 | Win32/HacDef.E |
| Ewido | 3.5 | 04.04.2006 | Backdoor.HacDef.ae |
| Fortinet | 2.71.0.0 | 04.04.2006 | W32/HacDef.AE!tr |
| F-Prot | 3.16c | 04.04.2006 | security risk named W32/Hackdef.FI |
| Ikarus | 0.2.59.0 | 04.04.2006 | Backdoor.Win32.HacDef.084 |
| Kaspersky | 4.0.2.24 | 04.04.2006 | Backdoor.Win32.HacDef.073.b |
| McAfee | 4733 | 04.04.2006 | HackerDefender.gen.c |
| NOD32v2 | 1.1471 | 04.04.2006 | Win32/HacDef |
| Norman | 5.90.15 | 04.04.2006 | W32/Hacdef.CM |
| Panda | 9.0.0.4 | 04.04.2006 | Bck/Hacdef.ED |
| Sophos | 4.04.0 | 04.04.2006 | Troj/HacDef-Fam |
| Symantec | 8.0 | 04.04.2006 | Backdoor.HackDefender |
| TheHacker | 5.9.7.124 | 04.03.2006 | Trojan/hackdef.d3 |
| UNA | 1.83 | 04.04.2006 | Backdoor.Hacdef |
| VBA32 | 3.10.5 | 04.04.2006 | Backdoor.Win32.HacDef.ae |
Note: The only Antivirus that doesnt find Hacker Defender is CA's eTrust. I can't believe anyone would attempt selling something even called "Antivirus" if it didnt at least find Hacker Defender. If you have eTrust installed, it is just wasting processor cycles, you are better off virtually folding protiens or something.
Anyway, if we run the binary through tibbar's code cryptor, we get much better results:
This is a report processed by VirusTotal on 04/05/2006 at 00:20:29 (CET) after scanning the file "hxdef100.exe" file.
| Antivirus | Version | Update | Result |
| AntiVir | 6.34.0.14 | 04.04.2006 | no virus found |
| Avast | 4.6.695.0 | 04.03.2006 | no virus found |
| AVG | 386 | 04.04.2006 | no virus found |
| Avira | 6.34.0.54 | 04.04.2006 | no virus found |
| BitDefender | 7.2 | 04.04.2006 | MemScan:Backdoor.Hacdef.AE |
| CAT-QuickHeal | 8.00 | 04.04.2006 | (Suspicious) - DNAScan |
| ClamAV | devel-20060202 | 04.04.2006 | no virus found |
| DrWeb | 4.33 | 04.04.2006 | no virus found |
| eTrust-InoculateIT | 23.71.119 | 04.04.2006 | no virus found |
| eTrust-Vet | 12.4.2148 | 04.04.2006 | no virus found |
| Ewido | 3.5 | 04.04.2006 | no virus found |
| Fortinet | 2.71.0.0 | 04.04.2006 | suspicious |
| F-Prot | 3.16c | 04.04.2006 | no virus found |
| Ikarus | 0.2.59.0 | 04.04.2006 | Backdoor.Win32.HacDef.084 |
| Kaspersky | 4.0.2.24 | 04.04.2006 | Backdoor.Win32.HacDef.073.b |
| McAfee | 4733 | 04.04.2006 | no virus found |
| NOD32v2 | 1.1471 | 04.04.2006 | a variant of Win32/HacDef |
| Norman | 5.90.15 | 04.04.2006 | no virus found |
| Panda | 9.0.0.4 | 04.04.2006 | Suspicious file |
| Sophos | 4.04.0 | 04.04.2006 | no virus found |
| Symantec | 8.0 | 04.04.2006 | no virus found |
| TheHacker | 5.9.7.124 | 04.03.2006 | no virus found |
| UNA | 1.83 | 04.04.2006 | no virus found |
| VBA32 | 3.10.5 | 04.04.2006 | Backdoor.Win32.HacDef.ae |
The only "big name" Antivirus to discover the modified program is Kaspersky. All of the big guns, Symantec, McAfee, Sophos, Clam-AV are circumvented! Of course eTrust likely thinks this new version of the binary is winword.exe or something. ;)
So, why is it detected at all? Well, the version of CodeCrypter that I used retained the same OEP (original entry point). I suspect if this was randomized, all AV would be circumvented.
Comments? Suggestions?
~jack koziol~
11 Comments:
At 10:03 PM, Anonymous said…
How do you get a private version of morphine?
At 2:01 AM, Anonymous said…
Anybody knows where I can find codeCrypter? Old version would be just fine...
I checked the Tibbar site, but couldn't fint it.
Thanx.
At 2:42 PM, Jack Koziol said…
You can get tibbar's older version of CodeCrypter at globalsecurity.org. You have to have an account there though. Otherwise, you can email him.
At 1:53 AM, Anonymous said…
Jack, I know you can find CodyCrypter on governmentsecurity.org, but I don't have an account and registering for one seems rather complex process there :)
So, I *really* appreciate if someone can post a link where I can find it. I need it for personal and definitelly non-malicious testings.
Any version would be just fine.
Thank you.
Anonymous (the other one)
At 12:44 AM, yaodownload2006 said…
CyberScrub AntiVirus continuously checks for viruses in all opened, saved, and executed files, including archived and compressed files. Should an infected object be detected, the application will clean the infected location. A distinguishing feature of CyberScrub AntiVirus is its ability to delete malicious code from archives stored in ZIP format. Additionally, the software provides the option for on-demand scans of file contents, including files stored within MS Outlook Express. CyberScrub AntiVirus has three levels of anti-virus protection: Normal - Medium - High. The level chosen determines the level of anti-virus protection provided by on-demand checks and background monitoring.
http://www.yaodownload.com/utilites/antivirus/cyberscrub-antivirus/
At 3:11 PM, Anonymous said…
Good design!
[url=http://zowbzdzb.com/cyby/hznd.html]My homepage[/url] | [url=http://oqkhcnjw.com/ayey/pqaz.html]Cool site[/url]
At 3:11 PM, Anonymous said…
Thank you!
My homepage | Please visit
At 3:11 PM, Anonymous said…
Well done!
http://zowbzdzb.com/cyby/hznd.html | http://nicqzenc.com/lmjx/rako.html
At 5:06 AM, Anonymous said…
http://www.playfreegame.info/
http://www.playfreegame.info/americanroulette.html
http://www.playfreegame.info/checkersgame.html
http://www.playfreegame.info/chessgame.html
http://www.playfreegame.info/javagames-foryour-cellphone.html
free game, play free game, free online game, free game downloads, free internet game, free yahoo game, play free online game, free casino game, free sex game, free arcade game, free adult game, free kid game, free pc game, free full game download, play free yahoo game online, play sims game online for free, play free online game rpg, free car racing game to play, free game to play and download, free golf game to play online, play free online adventure game, play free yahoo game, play super mario game for free online, play free casino game online, free internet game play
http://www.playfreeonlinegame.info/
http://www.playfreeonlinegame.info/
http://www.playfreeonlinegame.info/bookwormgames.html
http://www.playfreeonlinegame.info/fatmanadventure.html
http://www.playfreeonlinegame.info/contragames.html
http://www.playfreeonlinegame.info/puzzlegames.html
play free online game, free online kid game, free online casino game, free online rpg game, free online sex game, computer free game kid online, free online multiplayer game, free yahoo game online, free online adult game, free online shooting game, play free yahoo game online, free online car racing game, free arcade game online, free online adventure game, free online racing game, free online poker game, free disney game online, free online flash game, free online role playing game, free online game site, free online bingo game, free online puzzle game, free online bowling game, free online pool game, free fun online game
http://www.soap-making-recipe.net/
http://www.soap-making-recipe.net/free-soapmaking-recipe.html
http://www.soap-making-recipe.net/how-to-makesoap.html
http://www.soap-making-recipe.net/soap-making-ingredient.html
http://www.soap-making-recipe.net/soap-making-instructions.html
soap opera, soap, soap opera digest, soap central, soap making, soap opera central, cbs soap, abc soap, soap city, natural soap, soap opera update, handmade soap, soap opera spoiler, yahoo tv directory soap opera, soap spoiler, general hospital soap opera, soap digest, soap dish, soap making supply, soap dispenser, yahoo soap, soap zone, passions soap opera, soap opera weekly, liquid soap
http://www.cheap-trip.net/
http://www.cheap-trip.net/familytrip.html
http://www.cheap-trip.net/beachtrip.html
http://www.cheap-trip.net/othercheaptrips.html
http://www.cheap-trip.net/tripplanning.html
trip advisor, trip, road trip, trip planning, fishing trip, boat trip, trip planner, las vegas trip, fishing trip alaska, cheap trip, game trip, trip hedley, street and trip, rafting trip, ski trip, field trip, honeymoon trip, euro trip, camping trip, trip advisor.com, microsoft street and trip, last minute trip, trip reward, trip hop, road trip planner
http://www.cheap-discount-fares.info/
http://www.cheap-discount-fares.info/low-fare-airlines.htm
http://www.cheap-discount-fares.info/discount-bus-fare.htm
http://www.cheap-discount-fares.info/discount-student-fare.htm
cheap fare, family fare, southwest airline fare, fare, best fare, lowest fare, greyhound schedule and fare, low fare, cruise fare, amtrak fare, travel fare, greyhound bus fare, amtrak schedule fare, american airline fare, best airline fare, fare consolidator, low fare flight, bus fare, plane fare, low fare airline, fare chase, air travel fare, lowest air fare, last minute air fare, earth fare
http://www.big-lyrics-collection.com/
http://www.big-lyrics-collection.com/song-lyric-collection.html
http://www.big-lyrics-collection.com/love-song-lyric.html
http://www.big-lyrics-collection.com/music-video-collection.html
http://www.big-lyrics-collection.com/systemofadown-lyric.html
lyric, song lyric, music lyric, high lyric musical school, panic at the disco lyric, a z lyric, az lyric, fall out boy lyric, disney high lyric musical school, lyric search, rent lyric, james blunt lyric, brown chris lyric, rap lyric, dont hip lie lyric, eminem lyric, kelly clarkson lyric, gospel lyric, nickelback lyric, rascal flatts lyric, flatts hurt lyric most rascal, green day lyric, bad day lyric, love lyric, johnny cash lyric
http://www.biography-books.info/
http://www.biography-books.info/biography-book.html
http://www.biography-books.info/titanic-biography-book.html
http://www.biography-books.info/biography-book-report.html
http://www.biography-books.info/biographybook-form-report.html
book, kelly blue book, computer book, audio book, phone book, book store, blue book, buy book online, blankson book samuel, sport book, amazon book, book worm, used book, child book, borders book, comic book, cook book, address book, book club, borders book store, yellow book, sports book, blue book value, book review, book case
http://www.cheap-trip.info/
http://www.cheap-trip.info/beach-trip.html
http://www.cheap-trip.info/road-trip.html
http://www.cheap-trip.info/camping-trip.html
http://www.cheap-trip.info/mission-trip.html
travel asia, travel, travel mexico, travel europe, travel south america, travel spain, travel central america, travel france, travel china, travel canada, travel taiwan, travel switzerland, travel germany, travel austria, travel argentina, travel japan, travel italy, travel russia, travel real estate career, air travel, travel brazil, travel portugal, travel holland, world travel, travel guide
http://www.free-transunion-credit-report.info/
http://www.free-transunion-credit-report.info/howtoread-transunion-creditreport.html
http://www.free-transunion-credit-report.info/transunion-credit-score.html
http://www.free-transunion-credit-report.info/transunion-creditreport-rating.html
http://www.free-transunion-credit-report.info/credit-repairreport-transunion.html
credit report, free credit report, online credit report, free annual credit report, annual credit report, free credit report online, equifax credit report, trans union credit report, credit report score, credit report repair, check credit report, experian credit report, free equifax credit report, business credit report, free credit report .com, fix your credit report, free instant credit report, government free credit report, instant credit report, free credit report and score, personal credit report, canadian credit report, credit report dispute, one time free credit report, free yearly credit report
http://www.free-yearly-credit-report.net/
http://www.free-yearly-credit-report.net/credit-report-score.html
http://www.free-yearly-credit-report.net/improve-credit-report.html
http://www.free-yearly-credit-report.net/fix-your-creditreport.html
http://www.free-yearly-credit-report.net/credit-report-dispute.html
credit card, credit, apply online for credit card, credit report, free credit report, apply for a credit card, credit union, home equity line of credit, bad credit, 0 apr credit card, bad credit loan, credit repair, business credit card, credit score, credit card debt, credit counseling, credit card application, online credit card approval, bad credit mortgage, bad credit personal loan, chase credit card, navy federal credit union, credit card processing, low apr credit card, chase.com credit card
http://www.mens-neck-ties.net/
http://www.mens-neck-ties.net/novelty-neck-tie.html
http://www.mens-neck-ties.net/silk-neck-tie.html
http://www.mens-neck-ties.net/windsor-knot.html
http://www.mens-neck-ties.net/half-windsor-tieknot.html
http://www.mens-neck-ties.net/four-in-handknot.html
http://www.mens-neck-ties.net/pratt-knot.html
http://www.mens-neck-ties.net/neck-tie-accessory.html
tie, how to tie a tie, silk tie, neck tie, bow tie, dye tie, hog tie, railroad tie, tie tie, cable tie, neck tie tie, tie up, man tie, simpson strong tie, down tie, tie tying, knot tie, family tie, tie wire, black tie, bow cincinnati tie, instructions tie tie, how to tie a bow tie, tie rack, tie my shoes
http://www.rent-dvd-movie.net/
http://www.rent-dvd-movie.net/dvd-movie-rental.html
http://www.rent-dvd-movie.net/browse-and-select.html
http://www.rent-dvd-movie.net/member-benefits.html
http://www.rent-dvd-movie.net/faq.html
dvd player, dvd online, portable dvd player, blank dvd, dvd shrink, dvd movie, dvd rental, dvd burning software, movie dvd video rental, dvd recorder, dvd movie online rental, dvd movie rental, download dvd movie, dvd movie club, burn dvd movie, download free dvd movie, adult dvd movie, copy any dvd movie, new dvd movie release, new dvd movie, buy dvd movie, dvd movie cover, basic dvd instinct movie, netflix dvd movie, copy dvd movie
http://www.1freedatingsite.com/
http://www.1freedatingsite.com/tipsfordating.htm
http://www.1freedatingsite.com/dating-for-men.htm
http://www.1freedatingsite.com/dating-for-women.htm
http://www.1freedatingsite.com/dating-advice.htm
http://www.1freedatingsite.com/dating-romance.htm
http://www.1freedatingsite.com/safe-dating-tips.htm
dating, dating site, free online dating, online dating, dating services, online dating service, adult dating online, adult dating, free dating, internet dating, christian dating, lds dating, free dating services, adult dating free, match dating, single dating, adult dating services online, dating web site, sex dating, gay dating, black dating, senior dating, free dating site, asian dating, dating personals
http://www.4freeonlinedating.com/
http://www.4freeonlinedating.com/onlinedating-tips-4freeonlinedating.htm
http://www.4freeonlinedating.com/mens-datingadvice-4freeonlinedating.htm
http://www.4freeonlinedating.com/womens-datingadvice-4freeonlinedating.htm
http://www.4freeonlinedating.com/loverelationship-4free-onlinedating.htm
alternative dating, dating tip for man, adult dating site, dating chat, dating game, christian dating services, dating direct, gay dating site, adult sex dating, dating woman, adult dating personals, adult dating services, international dating, yahoo dating, texas dating, new york dating, dating ads, double your dating, dating guest book, dating idea, chicago dating, dating sims, uk dating, seattle dating, arguing checklist dating
http://www.4healthcarejobs.info/
http://www.4healthcarejobs.info/home-healthcare-jobs.html
http://www.4healthcarejobs.info/health-care-services.html
http://www.4healthcarejobs.info/alternative-health-care.html
http://www.4healthcarejobs.info/health-care-quality.html
health, health insurance, health club, health care, womens health, man health, mental health, health and beauty, united health care, health fitness, health insurance quote, health food, health club gyms, health health, health spa, low cost health insurance, california health insurance, health food vitamin, pet health, mental health services, individual health insurance, health care jobs, texas health insurance, dental health, dog health
http://www.4skinrash.info/
http://www.4skinrash.info/babyskinrash.html
http://www.4skinrash.info/childskinrash.html
http://www.4skinrash.info/viralskinrash.html
http://www.4skinrash.info/fungalskinrash.html
http://www.4skinrash.info/dryskinrash.html
skin care, mr skin, skin rash, skin treatment, skin care product, skin cancer, facial skin care product, dry skin, anti aging skin care, natural skin care, skin disorder, man skin care product, skin disease, sensitive skin, dry skin care, acne skin care, skin care treatment, skin tag, win amp skin, celebrity skin, xanga skin, skin problem, man skin care, facial skin care, yahoo messenger skin
http://www.anti-wrinkle-face-cream.info/
http://www.anti-wrinkle-face-cream.info/antiwrinklefacialcream.html
http://www.anti-wrinkle-face-cream.info/deadseaantiwrinklecream.html
http://www.anti-wrinkle-face-cream.info/skincareantiwrinklecream.html
http://www.anti-wrinkle-face-cream.info/antiwrinkleeyecream.html
cream, wrinkle cream, anal cream pie, progesterone cream, vaginal cream pie, cream pie cathy, teen cream pie, peach and cream, amateur cream pie, shaving cream, skin cream, eye cream, stretch mark cream, anti wrinkle cream, moms cream, black cream pie, asian cream pie, facial cream, acne creams, interracial cream pie, anti aging skin cream, whip cream, mature cream pie, face cream
http://www.best-eye-cream.info/
http://www.best-eye-cream.info/maneyecream.html
http://www.best-eye-cream.info/deadseaeyecream.html
http://www.best-eye-cream.info/antiwrinkleeyecream.html
http://www.best-eye-cream.info/besteyecreamfordarkcircles.html
eye glasses, black eye pea, eye, eye of the tiger, pink eye, third eye blind, laser eye surgery, lasik eye surgery, eye doctor, red eye, eye care, bullz eye, eye candy, eye drop, black eye, eye make up, eye contact, queer eye, cotton eye joe, allan eye poke ray video, eye surgery, all seeing eye, eye disease, eye problem, golden eye
http://www.bmg-music-club.info/
http://www.bmg-music-club.info/bmgclubdvd.html
http://www.bmg-music-club.info/bmgmusicpublishing.html
http://www.bmg-music-club.info/bmgclubjazz.html
http://www.bmg-music-club.info/bmgsoundspirit.html
music download, music, free music downloads, music video, yahoo music, free music, music code, dowload music, music site myspace.com, download online music, music video code, aol music, music lyric, downloading music, myspace music, country music, sheet music, myspace music code, madonna music, 50 cent music, live music, free music video, listen to music, music search, music store
http://www.chase-master-card.com/
http://www.chase-master-card.com/chaseuniversalmastercard.html
http://www.chase-master-card.com/chaseplatinummastercard.html
http://www.chase-master-card.com/chasecontinentalmastercard.html
http://www.chase-master-card.com/chasemastercardvisa.html
http://www.chase-master-card.com/otherchasemastercards.html
master card, chase master card, platinum master card, master card international, bowl card master site spaces.msn.com super, card international master site spaces.msn.com, free and clear master card, card debit master mega reward, master card paypass, mosaik master card, sears master card, prepaid master card, citibank master card, master card super bowl, sears gold master card, capital one master card, master card credit card, card master paypass site spaces.msn.com, citi master card, mbna master card, household bank master card, orchard bank master card, canadian tire master card, visa master card, master card gift card
http://www.detroit-free-press.info/
http://www.detroit-free-press.info/detroit-press-sports.html
http://www.detroit-free-press.info/detroit-press-marathon.html
http://www.detroit-free-press.info/detroit-press-movie.html
http://www.detroit-free-press.info/detroit-press-classifieds.html
detroit news, ford detroit, detroit free press, restaurant detroit, chevrolet detroit, detroit, detroit lion, detroit piston, detroit tiger, used car detroit, dodge detroit, pontiac detroit, honda detroit, detroit red wings, flight to detroit, toyota detroit, detroit michigan, jeep detroit, bmw detroit, cadillac detroit, gmc detroit, chrysler detroit, detroit mercedes benz, hotel detroit, detroit metro airport
http://www.free-anti-virus-download.info/
http://www.free-anti-virus-download.info/computer-viruses-types.html
http://www.free-anti-virus-download.info/anti-virus-software.html
http://www.free-anti-virus-download.info/virus-removal-help.html
http://www.free-anti-virus-download.info/anti-virus-creators.html
http://www.free-anti-virus-download.info/virus-latest-news.html
http://www.free-anti-virus-download.info/the-wild-virus.html
http://www.free-anti-virus-download.info/virus-spread-mechanism.html
http://www.free-anti-virus-download.info/virus-definition-index.html
http://www.free-anti-virus-download.info/real-virus-code.html
http://www.free-anti-virus-download.info/top-antivirus-softwares.html
http://www.free-anti-virus-download.info/free-antivirus-phishing.html
http://www.free-anti-virus-download.info/trojan-horses.html
http://www.free-anti-virus-download.info/virus-hoaxes.html
http://www.free-anti-virus-download.info/virus-safety-tips.html
anti virus, anti virus software, symantec anti virus, norton anti virus, free anti virus, avg anti virus, free anti virus download, anti virus download, free anti virus software, panda anti virus, anti virus program, avg anti virus free, free nortons anti virus download, mcafee anti virus, anti virus protection, anti virus solution, anti virus product, yahoo anti virus, anti virus gratuis, norton anti virus 2006, free anti virus software download, norton anti virus download, free nortons anti virus, free norton anti virus, avg anti virus free download
http://www.free-bible-study.info/
http://www.free-bible-study.info/biblestudysoftware.html
http://www.free-bible-study.info/pocketpc.html
http://www.free-bible-study.info/biblegames.html
bible, online bible, bible study, bible gateway, bible verse, bible black, holy bible, king james bible, bible commentary, bible scripture, blue letter bible, bible dictionary, audio bible, bible concordance, bible story, bible code, book of the bible, bible quote, bible search, bible lesson plan, woman in the bible, niv bible, bible quiz, bible college, bible coloring pages
http://www.hoodia-750.info/
http://www.hoodia-750.info/hoodiatea.html
http://www.hoodia-750.info/hoodiainformation.html
http://www.hoodia-750.info/hoodiadietpill.html
http://www.hoodia-750.info/purehoodia.html
hoodia, diet pill, weight loss pill, birth control pill, morning after pill, pill identification, breast enhancement pill, prescription diet pill, breast enlargement pill, phentermine diet pill, pill identifier, hoodia gordonii, abortion pill, diet pill online, sleeping pill, best diet pill, hoodia side effects, fahrenheit diet pill, pain pill, hoodia diet pill, h57 hoodia, pure hoodia, hoodia weight loss, hoodia diet, hoodia patch
http://www.onlineuniversitydegreeprogram.net/
http://www.onlineuniversitydegreeprogram.net/bachelors-degree.html
http://www.onlineuniversitydegreeprogram.net/masters-degree.html
http://www.onlineuniversitydegreeprogram.net/doctoral-degree.html
http://www.onlineuniversitydegreeprogram.net/associate-degree.html
http://www.onlineuniversitydegreeprogram.net/online-strategies.html
http://www.onlineuniversitydegreeprogram.net/university-list.html
university of arizona, university of houston, columbia university, university of kentucky, george university washington, howard university, boston university, online pheonix university, bradley university, university of miami, university of illinois, harvard university, university virginia, university of tennessee, michigan state university, stanford university, university of minnesota, arizona state university, georgia state university, northwestern university, university of south carolina, university of cincinnati, university of toronto, akron university, university of chicago
http://www.platinum-master-card.info/
http://www.platinum-master-card.info/unsecuredplatinummastercard.html
http://www.platinum-master-card.info/platinumbusinessmastercard.html
http://www.platinum-master-card.info/platinumvisamastercard.html
http://www.platinum-master-card.info/otherplatinummastercards.html
credit card debt consolidation, travel reward credit card, bad credit credit card, credit card offer, student credit card, accept credit card, secured credit card, uk credit card, low interest credit card, low interest credit card, the best credit card, credit card merchant account, consolidate credit card debt, online credit card, capital one credit card, credit card consolidation, eliminate credit card debt, prepaid credit card, credit card machine, credit card deal, free credit card, credit card company, hsbc credit card, citibank credit card, instant approval credit card
http://www.unclaimed-funds.info/
http://www.unclaimed-funds.info/proceduretoclaimyourfund.html
http://www.unclaimed-funds.info/tipstosaveyourmoneyfrombeingunclaimed.html
http://www.unclaimed-funds.info/unclaimedproperty.html
http://www.unclaimed-funds.info/unclaimedmoneysearch.html
http://www.unclaimed-funds.info/unclaimedlifeinsurance.html
http://www.unclaimed-funds.info/otherinformation.html
mutual funds, american funds, unclaimed funds, exchange traded funds, vanguard funds, oppenheimer funds, best mutual funds, fidelity funds, investment funds, ohio unclaimed funds, electronic funds transfer, janus funds, vanguard mutual funds, money market funds, fidelity mutual funds, top mutual funds, aim funds, college funds, investing in mutual funds, new york unclaimed funds, closed end funds, columbia funds, no load mutual funds, no load funds, franklin funds
At 10:35 PM, Anonymous said…
free credit report, free annual credit report, free credit report online, free equifax credit report, free credit report .com, free instant credit report, government free credit report, free credit report and score, one time free credit report, free yearly credit report, free copy of credit report, free credit report com, california free credit report, get credit report free online, free credit report ohio, indiana free credit report, free credit report new york, arizona free credit report, free experian credit report, alabama free credit report, free credit report canada, 100 free credit report, absolutely free credit report, free canadian credit report, totally free credit report
ringtone verizon wireless, download free ringtone verizon, verizon web mail, verizon com, central verizon verizon.net, verizon net, verizon wireless store, verizon wireless arena, verizon online dsl home page, verizon prepaid, used verizon cell phone, razr verizon, verizon home, verizon msn, verizon phone numbers, dsl start verizon, verizon cell phone plan, verizon wireles, dslstart verizon, verizon blackberry, verizon prepaid wireless, verizon razor, cell free phone ringtone verizon, free phone ringtone verizon, download ringtone verizon
sprint cellular, call tone for sprint, free sprint ringer, new sprint phone, pimp my sprint, free sprint phone, cheap sprint cell phone, used sprint cell phone, sprint mobile, sprint download, cheap sprint phone, sprint wireless internet, sprint prepaid cell phonem, sprint cell phone plan, sprint ringer, used sprint phone, sprint razor phone, sprint nextel.com, sprint pcs ring tone, a900 sprint, sprint ringback tone, sprint plan, sprint survey, sprint pocket pc, puma sprint
car for sale, sell my car, classic car for sale, muscle car for sale, sell used car, old car for sale, race car for sale, matchbox car for sale, salvage car for sale, antique car for sale, sell car online, buy and sell car, drag car for sale, car wash for sale, car bill of sale, sell your car fast, enterprise car sale, sell car free, collector car for sale, sell your car on line, contract to sell your car, car contract sell, repo car for sale, sell junk car, classic car for sell
ringtone, downloadable ringtone, 3gforfree ringtone, free kyocera ringtone, celcom caller ringtone, ringtone maker, metro pcs ringtone, free tracfone ringtone, midi ringtone, virgin mobile ringtone, kyocera ringtone, jamster ringtone, ringtone composer, cricket ringtone, ringtone gratis, free cingular cell phone ringtone, 24 ringtone, 50 cent ringtone, free metro pcs ringtone, real music ringtone, make your own ringtone, hip hop ringtone, phone ringtone, cheap ringtone, hotlink maxis caller ringtone
nokia, nokia phone, nokia cell phone, free nokia ringtone, nokia mobile phone, nokia ringtone, n70 nokia, nokia 6600, nokia n90, nokia 6101, nokia 8800, n80 nokia, 6111 nokia, nokia cellular phone, nokia cellular phone, nokia 6630, nokia 6680, nokia 3220, new nokia phone, nokia theme, free nokia ring tone, nokia 6230, nokia accessory, nokia 6280, nokia 6102
nextel i930, nextel accessory , free nextel ring tone, nextel online, nextel i860, nextel blackberry, new sprint nextel phone, nextel cellular phone, nextel wireless, nextel i730, prepaid nextel, nextel partner, new nextel phone for 2006, nextel music ringtone, nextel sim card, free nextel, nextel faceplates, free nextel game, nextel phone accessory, nextel i710, nextel camera phone, nextel prepaid cell phone, nextel chirp, nextel cup racing, nextel battery
motorola, cell motorola phone, motorola razr, motorola phone, motorola razr v3, motorola razor, motorola q, motorola v3i, blue headset motorola tooth, accessory motorola, cell motorola new phone, code composer key motorola, download free motorola ringtone, motorola v710, accessory motorola razr, motorola v180, motorola v300, motorola software v3, motorola ring tone, free motorola ring tone, motorola talkabout, download mobile motorola phone tool, motorola recallk, download motorola phone tool, a1000 motorola, mobile motorola
auto part, auto quote, auto zone, auto repair, auto glass, napa auto part, used auto part, advance auto part, auto insurance company, auto cad, auto body shop, geico insurance, free health insurance quote, car insurance chicago, geico auto insurance, geico car insurance, insurance recreation vehicle, insurance vehicle, free life insurance, insurance recreational vehicle, on line car insurance, discount car insurance, diamond car insurance, cheap ontario car insurance, car insurance kansas city
verizon, verizon wireless, verizon email, verizon central, verizon dsl, verizon cell phone, verizon netmail, verizon phone, verizon online, verizon ringtone, ver