This program is a spyware that makes Windows clients send their passwords in cleartext. EDIT: Wrong. I think it qualifies as a password sniffer but the article calls it a "server spoofer". In any case...it runs from a floppy - not sure that can at all be considered a spyware as we understand it today. See https://msdn.microsoft.com/en-us/library/cc750036.aspx. "The C2MYAZZ utility is an excellent example of a server spoofing attack. When Windows 95 was originally introduced, it included two methods of authenticating with a session message block (SMB) system. The default was to authenticate using an encrypted password. This was the preferred method for authenticating with a Windows NT domain. LANMAN authentication was also included, however, for backwards compatibility with SMB LANMAN server. LANMAN authentication requires that the logon name and password be sent in the clear. When C2MYAZZ is run, it passively waits for a client to authenticate to the NT server. When a logon is detected, C2MYAZZ transmits a single packet back to the client requesting that LANMAN authentication be used instead. The client, trusting that this is the server sending the request, happily obliges and retransmits the credentials in the clear. The C2MYAZZ utility would then capture and display the logon name and password combination. C2MYAZZ causes no disruption in the client's session, as the user will still be able to logon and gain system access. What makes this utility even more frightening is that it can be run from a single bootable floppy disk. An attacker only needs to place this disk into the floppy drive of a system, power the system on, and come back later to collect the captured credentials."