Vulnerability Development mailing list archives

Re: za and spyware (was: no subject)

From: Jonathan Rickman <jonathan () XCORPS NET>
Date: Wed, 13 Sep 2000 08:28:17 -0400

Would a program such as ...  zonealarm ... prevent these things from
working.  That is, would zone alarm provide you with a pop-up that says
something like "so-and-so.dll wants to connect to the internet?"  With
response options like allow, deny, probe with a red-hot-debugger and
"remember" this program?  Other than an ad-whacker program which would
have to be updated quite often almost like the virus checkers, or zone
alarm, is there another solution to this irritating issue?


I believe I can answer the question regarding ZA with some level of
accuracy by saying NO!!! ZoneAlarm will not detect the outbound
connections, or even warn about them in most cases. I believe (not
absolutely sure) that Tsadbot is the only one that actually connects to
the net on its own. All others, to the best of my knowledge, use your
default browser to establish a "piggyback" connection thus bypassing ZA.
@guard can be configured to stop them provided you know they're connecting
and where they're going.

--
Jonathan Rickman
X Corps Security
http://www.xcorps.net


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 6.5.2

mQENAzm0QZQAAAEIAN3uNRQlWHMrHwKgTNzpYps6SLipfNvH+0uZi0TvxyXFHiiH
kivQYxlcPn/4Za4eyl5XZvP6lGQ3DXcCzT+9di75HqFtTiHeE9YScR0WEeBB1ywL
j8nKxFdGMCJ3a3khSafPvyTUQKGaEWQGnui+6UieWeBhDHdE/o21qNd0+6M49P73
0pVTdmdn1jPj1cU+vrqkNWMfNNNhLyPjrdPzoL6SoYzCs6p5YhLWaNOiet/91RhK
VpC8uy2cUIWNOAyAOtDJwF4GY+AIVP2WTLg6L/FByDH507HP4NvkbnwPAkDSTh7M
TlXvdoeNiaEUCYCgx8CFSCAg/pl819+gts810D8ABRG0JkpvbmF0aGFuIFJpY2tt
YW4gPGpvbmF0aGFuQHhjb3Jwcy5uZXQ+iQEVAwUQObRBlNffoLbPNdA/AQETwwf/
d4W131UXeWd1+hcCR1bkFJRx+08fNtHzbMzjqquA4IRPftt72M6RzDsRn1xpsdh+
RqP0oeZ0IfnByhXQ7x65JxRUaYW2mw8GNQOeTkJ2uNDg3SaFG2HGYxASohP2r8D6
Yh1WIfEgf3YDwoKyGAfJTgcfHZe85+hgg6R60KbGMAhWf5Tbb6IEpzdvBi/HoYHC
c1km8esjnMPDmR1aLjcRffaMmWGwXk/33oZRo3Q0SO/MvqWyo1kZnq2JIxX0MDAm
nm2p0cZtQc1sECkC1XyyyH8tgWhXwzYpucpsQ3IhWFrCuL7y4t/wREOgd4KaSxkN
OKraa8g7Nyh4s8rSHFvq5A==
=XYFV
-----END PGP PUBLIC KEY BLOCK-----

Current thread:

Re: How to prevent malicious linking/posting to webapps?, (continued)
- - - Re: How to prevent malicious linking/posting to webapps? Slawek (Sep 12)
  - Re: All Advantage Spyware Mark W. (Sep 12)
    - Re: All Advantage Spyware Russel Smith (Sep 12)
    - Re: All Advantage Spyware Jonathan Rickman (Sep 12)
    - Re: All Advantage Spyware Brad Griffin (Sep 12)
    - Re: All Advantage Spyware Doug Kahler (Sep 12)
    - Re: All Advantage Spyware MJK (Sep 12)
    - [no subject] Scott D. Yelich (Sep 12)
    - Re: your mail John R. Dennison (Sep 13)
    - Re: your mail Scott D. Yelich (Sep 13)
    - Re: za and spyware (was: no subject) Jonathan Rickman (Sep 13)
    - [no subject] H D Moore (Sep 14)
    - [no subject] Blue Boar (Sep 14)
    - Re: All Advantage Spyware Lincoln Yeoh (Sep 12)
    - Auto-update software... Scott D. Yelich (Sep 12)
    - Re: All Advantage Spyware Daehlie Owns (Sep 12)
  - Re: All Advantage Spyware John Masters (Sep 12)
    - Re: All Advantage Spyware Brad Griffin (Sep 12)
  - Re: All Advantage Spyware zoma (Sep 12)
    - RES: All Advantage Spyware Guilherme Mesquita (Sep 12)
    - Re: RES: All Advantage Spyware Russel Smith (Sep 13)

(Thread continues...)