Full Disclosure mailing list archives

Re: Tools for checking for presence of adware remotely

From: John Lampe <jwlampe () aceryder com>
Date: Wed, 30 Jun 2004 10:00:25 -0400 (EDT)



On Wed, 30 Jun 2004, Harlan Carvey wrote:

Does anyone out there know of any tools available to
probe network workstations for the presence of
adware/spyware?


Sure...Perl scripts.  As a security admin in an FTE
position, I had scripts that checked all systems
within the domain for entries in the ubiquitous 'Run'
key, as well as for BHOs.  Easy stuff, pretty trivial, actually.


And, using a similar methodology, Nessus checks for the top 20
spyware/adware progs.  Of course, as most of these checks involve looking
for a dll, exe, or registry entry, you'll need to configure Nessus with a
domain, account, and passwd.

John Lampe
jwlampe -at- nessus.org
http://f00dikator.aceryder.com/

"Truth is one, but error proliferates. Man tracks it down and cuts it up
into little pieces hoping to turn it into grains of truth. But the
ultimate atom will always essentially be an error, a miscalculation."

--Rene Daumal


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Tools for checking for presence of adware remotely Peter B. Harvey (Information Security) (Jun 29)
- RE: Tools for checking for presence of adware remotely Jeff Schreiner (Jun 29)
- Re: Tools for checking for presence of adware remotely Nancy Kramer (Jun 29)
- Re: Tools for checking for presence of adware remotely Joseph Pierini (Jun 29)
- Re: Tools for checking for presence of adware remotely hax (Jun 29)
- Re: Tools for checking for presence of adware remotely Harlan Carvey (Jun 30)
  - Re: Tools for checking for presence of adware remotely John Lampe (Jun 30)
- <Possible follow-ups>
- Re: Tools for checking for presence of adware remotely Joseph Pierini (Jun 29)