lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040701013141.94842.qmail@web51506.mail.yahoo.com>
From: keydet89 at yahoo.com (Harlan Carvey)
Subject: Tools for checking for presence of adware remotely

-aditya

> > Sure...Perl scripts.  As a security admin in an
> FTE
> > position, I had scripts that checked all systems
> > within the domain for entries in the ubiquitous
> 'Run'
> > key, as well as for BHOs.  Easy stuff, pretty
> trivial, actually.
> 
> but then you would have to keep on updating your
> bhos and other sigs, and what about the spyware that
> when removed from the run key refuse to let the
> network connections operate? how do u take care of
> them ?

You need to go back and read what I posted again.  I
never said anything about removing anything...all I
did was check.  By querying the BHO listings and the
entries in the Run key (and others), I was able to
narrow down the systems that needed to be visited
personally.  

It's not difficult to figure out how things work on
Windows systems.  Once you find that out, it's pretty
simple.  I will defer to Marcus Ranum's title of
"artificial ignorance" to describe how the Perl
scripts work...by identifying those things that are
known to be 'good' entries and filtering those out,
you're left with the suspicious stuff.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ