
Re: [Full-Disclosure] Tools for checking for presence of adware remotely

Subject: Re: [Full-Disclosure] Tools for checking for presence of adware remotely
Date: Wed, 30 Jun 2004 01:52:28 -0400
While I don't know of any specific tools that can check for spyware
remotely, it should be possible to use some basic network techniques
to check:

1)  Check for known spyware-related http requests.  Most spyware seems
to change IE's startup page, for example, if a blacklist was to be
formed for spyware sites, anyone's box going to them could be flagged
as potentially infected.

2)  Configure SNMP.  Under most versions of Windows, you can run some
type of SNMP server.  This could be used to remotely check what
processes are running, and probably be configured to dump out registry
key settings.  Because that's how most spyware is detected anyway,
that'd be a good way to find it.  Of course, finding signatures might
be a bit more difficult, as the major anti-spyware vendors seem to
have their own ways of doing it.

3)  Install something like Adaware (which you can run on the
commandline) and write a logon script for your users that scans/cleans
in the background.  I'm no Windows admin, but I think that can all be
done remotely by the PDC.

Although I haven't had the joy of trying to implement such solutions
yet, that's my take on the best approach.

Let us know what you find
--hax
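
Point 1 of the message above, sketched as an added example that is not part of the original post: scan web proxy logs for requests to blocklisted hosts and report which client machines made them. It assumes a proxy that writes Squid's native access.log layout; the blocklist entries, IP addresses and log lines are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed blocklist; reserved .test/.example names stand in for real entries.
BLOCKLIST = {"startpage-hijack.test", "ads.tracker.example"}

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/code bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1088574748.101 120 10.0.0.15 TCP_MISS/200 1532 GET http://www.startpage-hijack.test/home.html - DIRECT/192.0.2.10 text/html
1088574749.220 95 10.0.0.22 TCP_MISS/200 8841 GET http://intranet.corp.example/index.html - DIRECT/192.0.2.20 text/html
1088574751.007 210 10.0.0.15 TCP_MISS/200 312 GET http://ads.tracker.example:8080/beacon?id=7 - DIRECT/192.0.2.11 image/gif
1088574752.400 15 10.0.0.31 TCP_MISS/200 0 CONNECT startpage-hijack.test:443 - DIRECT/192.0.2.10 -
1088574753.000 40 10.0.0.22 TCP_HIT/200 99 GET http://notstartpage-hijack.test/ - NONE/- text/html
1088574754.000 12 10.0.0.40
"""

def request_host(method, target):
    """Return the lower-cased hostname from a proxy log request target."""
    if method == "CONNECT":              # CONNECT logs host:port, not a URL
        target = "//" + target
    try:
        host = urlsplit(target).hostname  # drops port and userinfo, lower-cases
    except ValueError:                    # e.g. malformed bracketed address
        return None
    return host.rstrip(".") if host else None

def is_blocked(host, blocklist):
    """Match the host or any parent domain, on label boundaries only."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def flag_clients(log_text, blocklist):
    """Map client IP -> sorted list of blocklisted hosts it requested."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue                      # skip truncated lines
        client, method, target = fields[2], fields[5], fields[6]
        host = request_host(method, target)
        if host and is_blocked(host, blocklist):
            hits[client].add(host)
    return {client: sorted(hosts) for client, hosts in hits.items()}

if __name__ == "__main__":
    for client, hosts in sorted(flag_clients(SAMPLE_LOG, BLOCKLIST).items()):
        print(client, "->", ", ".join(hosts))
```

Matching on whole DNS labels keeps a lookalike such as notstartpage-hijack.test from being flagged while still catching subdomains of a listed host.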

