Penetration Testing mailing list archives
Re: Spyware assessment techniques
From: Paul Halliday <paul.halliday () gmail com>
Date: Fri, 10 Feb 2006 19:08:42 -0400
Hi,
loading free antispyware tools, scanning the host, individually recording the results, classifying the types of spyware encountered and reporting the results.
Unfortunately the majority of these miss an astounding amount of malware.

The easiest way to track down spyware and adware is to watch the machine as it browses the web. Most products happily announce themselves and the information they are contributing within their useragent details as they chat with webservers.

Cheap and easy -

If you are doing an organization:
- get yourself on a span port on an upper level switch
- make a quick snort install (http://www.snort.org) with the bleeding malware and virus rulesets (http://www.bleedingsnort.com). There might be some helpful VRT rules too.
- listen away.

If you are doing a host:
- interrupt the host's uplink with a hub and plug your snort box in. You could have this all set up on a laptop.

If you have snort logging to a database with something like sguil (http://sguil.sourceforge.net) you could probably throw some perl/php together to generate some nice reports.

Hope this helps.

On 2/10/06, Derek Nash <ddnash () gmail com> wrote:
I am now frequently getting requests for spyware/grayware/adware assessments as a subcomponent of a larger security assessment. My efforts up to this point have been a manual process of loading free antispyware tools, scanning the host, individually recording the results, classifying the types of spyware encountered and reporting the results. Recently I have begun to consider including data from a web usage analysis tool that has the ability to identify spyware downloads and phone home attempts to augment these manual efforts.

I am wondering what others are doing in regards to spyware assessments and if anyone is aware of a spyware "network scanner" that would allow me to look at a larger sampling of hosts on a network during these assessments.
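The user-agent approach described in the reply above, as an added example that is not part of the original post: Python that reads captured HTTP request heads, matches the User-Agent header against a watchlist and groups the hits per source host for a report. The product tokens, addresses and hostnames are constructed placeholders, not real signatures.

```python
import re
from collections import defaultdict

# Constructed watchlist: placeholder product tokens, not real spyware signatures.
WATCHLIST = {
    "ExampleToolbar": re.compile(r"\bExampleToolbar[/ ][\d.]+", re.I),
    "AdHelperUpdater": re.compile(r"^AdHelperUpdater\b", re.I),
}

IE6 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1"
# Constructed sample: (source IP, raw HTTP request head) as seen from a span port.
SAMPLE_REQUESTS = [
    ("10.0.0.21", "GET / HTTP/1.1\r\nHost: www.example.com\r\n"
                  f"User-Agent: {IE6})\r\n\r\n"),
    ("10.0.0.35", "GET /news HTTP/1.1\r\nHost: www.example.org\r\n"
                  f"User-Agent: {IE6}; ExampleToolbar 4.2)\r\n\r\n"),
    ("10.0.0.35", "GET /cfg?id=1234 HTTP/1.0\r\nHost: updates.adhelper.example\r\n"
                  "user-agent: AdHelperUpdater\r\n\r\n"),
    ("10.0.0.48", "POST /r HTTP/1.1\r\nHost: stats.example.net\r\n\r\n"),  # no UA
]

def parse_headers(raw):
    """Map lower-cased header names to values for one request head."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def assess(requests, watchlist=WATCHLIST):
    """Return {source_ip: {product: [hosts contacted]}} for watchlist hits."""
    hits = defaultdict(lambda: defaultdict(set))
    for src, raw in requests:
        headers = parse_headers(raw)
        agent = headers.get("user-agent", "")
        for product, pattern in watchlist.items():
            if pattern.search(agent):
                hits[src][product].add(headers.get("host", "?"))
    return {s: {p: sorted(h) for p, h in prods.items()} for s, prods in hits.items()}

def report(findings):
    """One tab-separated line per (host, product): source, product, destinations."""
    return "\n".join(f"{src}\t{product}\t{', '.join(hosts)}"
                     for src in sorted(findings)
                     for product, hosts in sorted(findings[src].items()))

if __name__ == "__main__":
    print(report(assess(SAMPLE_REQUESTS)))
```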
Current thread:
- Spyware assessment techniques Derek Nash (Feb 10)
- Message not available
- Re: Spyware assessment techniques Eric Schultze (Feb 10)
- Message not available
- Re: Spyware assessment techniques Packet Man (Feb 11)
- Re: Spyware assessment techniques Paul Halliday (Feb 11)
- Message not available
- Re: Spyware assessment techniques Ed Hotchkiss (Feb 11)
- Re: Spyware assessment techniques Semper Securus (Feb 11)
- Message not available
- Re: Spyware assessment techniques - hub? Petr . Kazil (Feb 12)
- Re: Spyware assessment techniques - hub? Packet Man (Feb 12)
- Re: Spyware assessment techniques - hub? offset (Feb 12)
- RE: Spyware assessment techniques - hub? Richard Zaluski (Feb 13)
- RE: Spyware assessment techniques - hub? Dan Tesch (Feb 13)
- <Possible follow-ups>
- RE: Spyware assessment techniques Butler, Theodore (Feb 10)
- Re: Spyware assessment techniques Thorsten Holz (Feb 10)