Open Source and information security mailing list archives
 
Message-ID: <93c2e01604062922521f50f86d@mail.gmail.com>
From: uberhax at gmail.com (hax)
Subject: Tools for checking for presence of adware remotely

While I don't know of any specific tools that can check for spyware
remotely, it should be possible to use some basic network techniques
to check:

1)  Check for known spyware-related HTTP requests.  Most spyware seems
to change IE's startup page, for example, if a blacklist was to be
formed for spyware sites, anyone's box going to them could be flagged
as potentially infected.

2)  Configure SNMP.  Under most versions of Windows, you can run some
type of SNMP server.  This could be used to remotely check what
processes are running, and probably be configured to dump out registry
key settings.  Because that's how most spyware is detected anyway,
that'd be a good way to find it.  Of course, finding signatures might
be a bit more difficult, as the major anti-spyware vendors seem to
have their own ways of doing it.

3)  Install something like Adaware (which you can run on the
command line) and write a logon script for your users that scans/cleans
in the background.  I'm no Windows admin, but I think that can all be
done remotely by the PDC.

Although I haven't had the joy of trying to implement such solutions
yet, that's my take on the best approach.

Let us know what you find
--hax

