Full Disclosure mailing list archives
Re: Tools for checking for presence of adware remotely
From: hax <uberhax () gmail com>
Date: Wed, 30 Jun 2004 01:52:28 -0400
While I don't know of any specific tools that can check for spyware remotely, it should be possible to use some basic network techniques to check: 1) Check for known spyware related http requests. Most spyware seems to change IE's startup page, for example, if a blacklist was to be formed for spyware sites, anyone's box going to them could be flagged as potentially infected. 2) Configure SNMP. Under most versions of Windows, you can run some type of SNMP server. This could be used to remotely check what processes are running, and probably be configured to dump out registry key settings. Because thats how most spyware is detected anyway, that'd be a good way to find it. Of course, finding signatures might be a bit more difficult, as the major anti-spyware vendors seem to have their own ways of doing it. 3) Install something like Adaware (which you can run on the commandline) and write a logon script for your users that scans/cleans in the background. I'm no Windows admin, but I think that can all be done remotely by the PDC. Although I haven't had the joy of trying to implement such solutions yet, that's my take on the best approach. Let us know what you find --hax _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Tools for checking for presence of adware remotely Peter B. Harvey (Information Security) (Jun 29)
- RE: Tools for checking for presence of adware remotely Jeff Schreiner (Jun 29)
- Re: Tools for checking for presence of adware remotely Nancy Kramer (Jun 29)
- Re: Tools for checking for presence of adware remotely Joseph Pierini (Jun 29)
- Re: Tools for checking for presence of adware remotely hax (Jun 29)
- Re: Tools for checking for presence of adware remotely Harlan Carvey (Jun 30)
- Re: Tools for checking for presence of adware remotely John Lampe (Jun 30)
- <Possible follow-ups>
- Re: Tools for checking for presence of adware remotely Joseph Pierini (Jun 29)