Re: Adware, spyware, and trojans

[Gene <gyoo () attbi com>]

you could try running something like ntop and identify specific port 
that "known" malware communicates in, and run a script to alert you on 
these incidents...  i guess this would be a long way, but you could also 
do this with snort sensors, which i have done at work to run these 
specific communicating ports.

i'm not sure if there is a single solution, as you can see that i have 
multiple tools to monitor security in general...

gene

Carere, Courtney wrote:
> A lot of people have been suggesting Adaware to me, which is a great piece
> of software that I knew about, but unfortunately it must be run on each
> computer individually (as opposed to a server) and doesn't allow much room
> for automation...
>
> I think what I was thinking about wasn't so much spyware as software that
> would search out running Trojans...maybe scanning for established
> connections on ports used as the default for some well-known trojans,
> something like that.  As far as I know, antivirus software doesn't do this.
>
> - - Courtney Carere


--
Gene Yoo, gyoo () attbi com