Penetration Testing mailing list archives

RE: Spyware assessment techniques


From: "Paul Melson" <pmelson () gmail com>
Date: Mon, 13 Feb 2006 15:17:42 -0500

-----Original Message-----
Subject: Spyware assessment techniques

Recently I have begun to consider including data from a web usage analysis tool that has the ability to identify spyware downloads and phone home attempts to augment these manual efforts. I am wondering what others are doing in regards to spyware assessments and if anyone is aware of a spyware "network scanner" that would allow me to look at a larger sampling of hosts on a network during these assessments.

Specific to your question about a "network scanner", there are commercial
versions of anti-spyware tools that search client drives and report to a
central server.  But this hardly seems practical for a one-off assessment.

What might be more effective would be a system running Snort with the
Bleeding Edge (bleedingsnort.com) malware rules and then connected to a span
port or a port mirror of the firewall's inside interface.  This would let
you see malware both trying to spread and phone home.  You could set it up
and leave it in place for a few days and then review the results.

PaulM
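
One way to do the "review the results" step after the sensor has run for a few days, as an added example that is not part of the original post: a Python script that groups Snort alerts by internal source host, so the hosts generating malware alerts stand out. It assumes Snort's fast alert output format and a 10.0.0.0/8 internal range; the rule names, SIDs and addresses in the sample are constructed.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample in Snort "fast" alert format; rule names, SIDs and IPs are invented.
SAMPLE_ALERTS = """\
02/13-09:14:02.118231  [**] [1:9000001:1] EXAMPLE Malware spyware check-in [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.20.15:1184 -> 192.0.2.10:80
02/13-09:44:02.530112  [**] [1:9000001:1] EXAMPLE Malware spyware check-in [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.20.15:1191 -> 192.0.2.10:80
02/13-10:02:47.000931  [**] [1:9000002:2] EXAMPLE Worm propagation attempt [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.1.20.15:1203 -> 10.1.20.22:445
02/14-08:31:10.774500  [**] [1:9000001:1] EXAMPLE Malware spyware check-in [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.30.7:1045 -> 198.51.100.4:80
02/14-08:31:11.102388  [**] [1:9000003:1] EXAMPLE Malware installer download [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 203.0.113.9:80 -> 10.1.30.7:1046
Run time for packet processing was 12.5 seconds
"""

# timestamp [**] [gid:sid:rev] message [**] ... {PROTO} src[:port] -> dst[:port]
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?\s*$"
)

def _is_internal(addr, nets):
    try:
        return any(ip_address(addr) in n for n in nets)
    except ValueError:  # malformed address in a damaged log line
        return False

def summarize(alert_text, internal_cidrs=("10.0.0.0/8",)):
    """Count alerts per internal source host, split by where the traffic was headed."""
    nets = [ip_network(c) for c in internal_cidrs]
    hosts = {}
    for line in alert_text.splitlines():
        m = FAST_RE.match(line.strip())
        if not m or not _is_internal(m["src"], nets):
            continue  # not an alert line, or the alert's source is outside the internal range
        # Assumption: an external destination suggests phoning home, an internal one spreading.
        direction = "to_internal" if _is_internal(m["dst"], nets) else "to_external"
        per_host = hosts.setdefault(m["src"], {"to_internal": Counter(), "to_external": Counter()})
        per_host[direction][m["msg"]] += 1
    return hosts

def rank(hosts):
    """Hosts ordered by total alert count, busiest first."""
    totals = {h: sum(sum(c.values()) for c in d.values()) for h, d in hosts.items()}
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    summary = summarize(SAMPLE_ALERTS)
    for host, total in rank(summary):
        print(host, total, dict(summary[host]["to_external"]), dict(summary[host]["to_internal"]))
```

Whether internal-to-internal traffic shows up at all depends on where the mirror port sits; on the firewall's inside interface most alerts will be outbound.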


