Full Disclosure mailing list archives

Re: Tools for checking for presence of adware remotely


From: hax <uberhax () gmail com>
Date: Wed, 30 Jun 2004 01:52:28 -0400

While I don't know of any specific tools that can check for spyware
remotely, it should be possible to use some basic network techniques
to check:

1)  Check for known spyware-related HTTP requests.  Most spyware seems
to change IE's startup page, for example; if a blacklist were to be
formed for spyware sites, anyone's box going to them could be flagged
as potentially infected.

2)  Configure SNMP.  Under most versions of Windows, you can run some
type of SNMP server.  This could be used to remotely check what
processes are running, and probably be configured to dump out registry
key settings.  Because that's how most spyware is detected anyway,
that'd be a good way to find it.  Of course, finding signatures might
be a bit more difficult, as the major anti-spyware vendors seem to
have their own ways of doing it.

3)  Install something like Adaware (which you can run on the
command line) and write a logon script for your users that scans/cleans
in the background.  I'm no Windows admin, but I think that can all be
done remotely by the PDC.

Although I haven't had the joy of trying to implement such solutions
yet, that's my take on the best approach.

Let us know what you find
--hax

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

