RE: Spyware drama!

From: Dave Killion (dkillion_at_charter.net)
Date: 01/06/04

  • Next message: Meritt James: "Re: advice" 
    To: "'Francisco Mário Ferreira Custódio'" <fcustodio@eda.pt>, <security-basics@securityfocus.com>
Date: Tue, 6 Jan 2004 10:23:55 -0800

    FC,

    You could add signatures to an IDS/IPS/IDP system that detects the use of
    Spyware, and then hunt down the offending machine. Would require some work
    up-front, but save you time in the long run. A lot less invasive, as well.

    I know some of the major IDS/IPS/IDP vendors are adding those kinds of
    signatures to their products now. If you already own one, you're most of
    the way there. Otherwise, you could either look into one, or set up Snort
    on your own. Many of the Spyware apps use unique "User Agent" HTTP header
    fields (i.e. Gator uses UserAgent: Gator).

    Just a thought...

    -Dave

    > -----Original Message-----
    > From: Francisco Mário Ferreira Custódio [mailto:fcustodio@eda.pt]
    > Sent: Monday, January 05, 2004 10:08 AM
    > To: security-basics@securityfocus.com
    > Subject: Spyware drama!
    >
    >
    > Hey everybody!
    >
    > I am having lot's of traffic in my network, due to those
    > boring spywares that my "dear" users install everyday. I use
    > "ad-aware pro" to clean the workstations, but I have 500+
    > workstations on my network...
    >
    > So I want to know if you guys ever eard about a tool to
    > scan/clean "spyware"
    > by IP address. Like...providing an admin password, the
    > software would sweep a class C network...scanning/cleanning
    > every machine on it.
    >
    > Thank you all.
    >
    > FC
    >
    > --------------------------------------------------------------
    > -------------
    > --------------------------------------------------------------
    > --------------
    >

  • Next message: Meritt James: "Re: advice"

    Relevant Pages

    • Re: computer shuts down without error or warning
      ... If not a cooling problem, I'd suspect spyware or virus infection. ... without updating signatures, definitely not perfect. ... They're all free - and most pretty small, so they download quickly enough. ...
      (microsoft.public.windowsxp.help_and_support)
    • Re: how to restore device drivers
      ... What does Device Manager say about these devices? ... Has she run a full antivirus scan with updated ... signatures and checked for spyware and trojans? ...
      (microsoft.public.windowsxp.device_driver.dev)
    • RE: Spyware & Registry changes
      ... you can always try removing it manually. ... After all, anti-spyware bots ... search for signatures, so you won't get in their way i suppose. ... > onto my laptop after formatting HD,it is now identifying spyware it can't ...
      (microsoft.public.security)
    • Re: how to develop adware or spyware
      ... Basically you must have a database of all the ad-ware and spyware you want ... to detect, the name (or may be signatures) of the files they use, the ... files or registry keys, and remove them. ...
      (microsoft.public.dotnet.languages.csharp)
    • Quantcast