Subject: [Snort-sigs] [Plugins-writers] New Spyware Project with Nessus and BleedingSnort!!!
Date: Sat, 16 Oct 2004 01:01:03 +0200
I'm very excited to announce a new project to fight spyware!!

A bleeding snort user's suggestion has brought about a very promising
idea and relationship fostered along by Renaud Deraison of Nessus. The
goal of the project is to enhance the detection and identification of
spyware.

What we intend to do is build a partnership between the Nessus
community, the Bleeding Snort community, and a spyware
detection/cleaning project. The aim will be to identify new and existing
spyware packages to simultaneously:

1. Write a Nessus plugin to detect its presence

2. Write a snort signature to detect it on the network

3. Add the package to the applicable spyware cleaning package

4. Make the spyware and its cleaning procedures publicly known and
accessible

We hope this project will help keep all of the detection and cleaning
methods moving forward at the same pace, thus making it much more
difficult for the spyware makers to slip past us.

Using Nessus to detect some of these things will be difficult. But that
functionality will bring Nessus even further ahead of its
commercial peers. Adding more snort signatures to bleeding snort will
only make the project more effective as well. We hope the benefit to a
spyware detection project will be just as clear.

What we need to get the project going are snort and nessus volunteers
and a partner in the spyware field. We welcome as many spyware experts
as possible into the project.

There has been a great deal of research done on the registry keys and
propagation methods of spyware. This project will be starting out a good
deal behind, but with plenty of information available. We need a spyware
expert that can guide the project toward the more important packages,
and toward identifying the newest spyware as it's released. We hope that
the benefit for the spyware expert will be not just to participate in a
worthwhile cause, but to benefit from the new spyware that can be
identified through the methods developed within the project.

We need a number of people that have experience with Nessus and writing
NASL plugins. As most spyware is Windows based, some Windows expertise
would be helpful, but certainly not required.

We intend to draw on the existing snort rule writing resources in the
bleeding snort community that have been so forthcoming with their time
to date. However any volunteers on the snort side that want to be
directly involved or have a particular interest please let us know.

All volunteers can email bloodyspyware@bleedingsnort.com to get
involved. Remember, extensive experience is not a requirement, just a
desire to learn and time to chip in.

While this is a purely volunteer and open-source spirited project, we do
welcome commercial involvement from organizations that can contribute to
these efforts. Please email at the above address or myself directly if
you're interested. All queries will remain confidential if a
relationship does not materialize.

Thanks all, and we hope to hear from you soon. Watch Bleedingsnort.com
and Nessus.org for updates and links to the coming home of the project.

Matthew Jonkman
Bleedingsnort.com
