At the bleedingsnort.com project we've been a bit obsessed with spyware.
The sigs we have up have been doing a great job of helping us identify
and get cleaned hundreds of infected pc's. And we're hearing similar
success from many others.
We don't want to let those rules stagnate though. The spyware is always
changing, and I'm sure the distributors of spyware have seen our efforts
and are making changes to adjust and not be seen by existing rules. Many
of the rules are very easy to circumvent by changing a url or script name.
So this is a call for spyware. If you have details, infected systems,
and/or preferably pcap's of new and/or undetected spyware please send it
in. You can send to me direct or to bleeding@bleedingsnort.com. (Please
avoid sending those to this list, that's a bit off-topic)
It's been absolutely shocking the audacity of these advertisers and
information collectors. Getting this dark little secret detected and out
in the open is very much to all our benefit.
In a rather funny related story, 180solutions (a spyware maker) is suing
a partner for using IE exploits to get their stuff installed. That's an
interesting development.
Please send in your traffic dumps and spyware signatures. We must keep
this up to date.
Thanks
Matt
www.bleedingsnort.com
-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
