Spyware: Gridlock within a year?
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Spyware: Gridlock within a year?

  1. #1
    Senior Member
    Join Date
    Mar 2004
    Posts
    510

    Spyware: Gridlock within a year?

    http://news.zdnet.com/2100-1009_22-5542133.html

    "The good news is that if it's left unchecked users' computers will just start grinding to a halt. As we saw with spam this will mean users and businesses simply cannot continue to ignore the problem. They will have to deal with it in order to get anything done."
    Is that good news for eveyone or just the people who work for anti-spyware firms? I wonder how many man/woman hours are lost solely by the user's computer running slow?

    Another related link

    http://news.zdnet.com/2100-1009_22-5541802.html
    \"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn

  2. #2
    They will have to deal with it in order to get anything done.
    Or prevent it!

    Windows update, Firefox, firewall, view emails as text.

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    This isn't a surprise to me. I see anywhere from 1500 - 2500 spyware hits an hour on my network of roughly 10,000 hosts. Spyware, in my opinion, is far worse than viruses/worms/Trojans. The sad thing is that I don't see a short term effective solution coming from anyone. Spyware removal is the new hook that salesmen will use to suck your budget dollars away. I've seen this pitch pick up in popularity 10 fold over the past 3 months. Does anyone remember the CA commercials where the vendor is a cardboard cutout that slips under your door? LOL. Simply change the words over to Spyware solution and that'll be the new breed of salesmen coming to a door near you.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    Well I can speak from some experience after having cleaned out the pcs of some fairly savvy users, whose machines had slowed to a crawl. I took 80+ instances of spyware off one such user's laptop alone. They had no clue about spyware, yet weren't what I'd call pc illiterate beginners.

  5. #5
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743
    Spyware, in my opinion, is far worse than viruses/worms/Trojans
    Yes.. besided the problems that the Spy/adware Parasites directly cause, ie system slowdowns, and internet/network connectivity issues, they appear to become a backdoor to the conventional malware. what is becoming common is the Kernel Hijack, and it seems to start with the adware trojans.

    I would add one extra tool for selfdefence, an adblocking Hosts file..

    cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  6. #6
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    now a days, removal of spyware/adware take up most of my hours on the job. Its noly now getting the recognition it deserves as a hazard, and I know that even the most savvy of users can/do fall victim to it. yesterday I cleaed one of our sales peoples laptops, there were well over 1000 instances of adware, and I have pulled well over 15000 instances off a single computer before.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  7. #7
    Senior Member
    Join Date
    Mar 2004
    Posts
    510
    There seems to be a lot more spyware infections pop up solely through casual web surfing.

    There's also a lot of ads for anti-spyware software and when people go to the link they get infected.
    \"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    OK... If you'll keep it a secret I'll tell you what I did for a solution to the spyware problem... What it leaves me with is the difficult stuff but all the normal stuff disappears....

    First set up a logoff script that deletes all the users temporary files.... That get's rid of a fair bit of the 'lowly' crap.

    Then I purchased three copies of a popular anti-spyware program that has a set of command line options that allow me to run it silently, in the background and in "unstoppable" mode and placed them on three servers that are strategically placed, from a bandwidth perspective, throughout my network. Then I scribbled startup scripts that run the anti spyware proggie from the appropriate servers. I added a sub-OU to the various OU's I have called Spyware cleanup and added the scripts to the login scripts.

    Then I downloaded and implemented the Bleeding Snort Malware rules, (amongst others), and implemented them on my internal sensors - giving me the internal IP of the infected boxes. When a box shows as infected it gets moved into the Spyware Cleanup OU and guess what happens....

    Just to be sure I place the startup script in the "standard" OU's once every six weeks or so for two to three days....

    I also enforced, through group policy, no ActiveX and scripts to prompt.

    Where I used to get about 1000 Bleeding Snort Malware rules violations a day and tried to chase them all down I now get, maybe, 50.... They are much easier to chase down....

    Am I a "bad" boy... Yeah.... Am I expedient.... Yeah.... But I try to do it in "good spirit".... That and the fact I don't have cash.... I'm a non-profit.... remember.... But it works.... and if I could afford more licenses I would buy them... But I paid for them out of my own pocket....

    [Edit]

    Oh, I forgot... You need to run each install from a local or remote machine every week or so and accept the opportunity to update the definitions otherwise you will run forever with old defs....

    [/Edit]
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  9. #9
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487
    Great tip Tiger Shark. I was fooling around with a script which would scan firewall logs periodically throughout the day looking for any activity to known spyware IPs (using various lists out there) but I like the Snort idea much better. It provides a quicker discovery and probably is more accurate (wont miss as much).

    I'm dling Fedora Core now and will try that out with Snort. Any good resources you recommend? I'm pretty much new to Linux at least installing and configuring it...I use it semi daily but the system was already installed by one of my peeps.

    Thanks again.

  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    ric-o: Ahh... I can't help you with *nix... I'm a windows chap.... The windows binaries for everything you need for Snort are available and always up to date... The Bleeding Snort rules for malware are available at www.bleedingsnort.com.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •