Analysis of Spyware

scubacuda writes "What actually happens when you install adware/spyware/malware? Follow the Bouncing Malware examines what's downloaded, redirected, and obfuscated. A fascinating read. (Part two was postponed in order to cover a new My Doom variant.)"

Even Sevens

[mfh]

> And that's were I'm going to end it for today. In the next part, I'll take a look at what happens as this chain of malware continues on it's merry way, and I'll also investigate what happens when I fire up IE the next time and visit my new home page.

Personally, I think you should examine ways to get even. Even-Stevens.

Up until this point, I've seen lots of anti-spyware put out that blocks spyware and protects your system from unjustified Reg entries etc., but it generally stops there. It's a shield when what we need is a shield and a sword.

Covenants, without the sword, are but words, and of no strength to secure a man at all -Hobbes

What I would like to see is anti-malware that bites back, hard.

We had this site going a while back that was going to test anti-trolling methods, like by taking a troll user and stuffing them in their own world. All their posts would be modded up and their view of the site was totally different than the users who were not trolls. Of course in tests it was easy enough for them to spoof their IP to get past this, but many of them didn't realize how to do it.

But for malware sites, what if we came up with a solution that would detect it and let it believe it was working, but generated the data needed to put these goofs in jail. I think the SETI distributed computing model could be slightly altered to work to this end.

Then we could get Even-Stevens.

Re:Even Sevens

[Crizp]

I got a cousin whose Windows XP would display 31 (he counted them) popups (a new, different one after the previous had been closed), when he logged on his user profile.

After I reinstalled XP for him, I installed Firefox and ordered him to use that and forget about IE unless he wanted to be hit upside the head with my cluestick. He doesn't know much about the underlying technology of computers and recent software but everyone in the family understands when I say "use that and evil stuff might be installed on the PC even if you're only surfing around". They take my word for it as I'm the resident geek.

I did the same with his family's computer. Now I just have to explain stuff to the youngest son who insists on using BearShare, Kazaa (even if I've said NOOOO!) and such stuff. He downloads and installs small programs. Once, the family computer was infected with over 150 viruses.

My cousin is extremely happy with Firefox, once I've shown him the concenpt of tabbed browsing, he's never looked back. And the computer don't get as much spyware installed now. The younger brother screws that up a bit 'cause he won't listen. Damn nu-metal ignoramus :)

malware honeypot?

[TheHawke]

I wonder if someone can whip up a honeypot that'll reverse-engineer some of the malware out there, munge all the URLS down and give proof that someone is doing this on purpose.

Then maybe the state DA's will jump in and make a lesson of a malware producer or two. That is, if they are local. IF not, LART until their router is unplugged.

This 'ware business is seriously getting out of hand and MUST be dealt with, one way or another. IF we have to force these jokers to go overseas, fine, then we'll do so and isolate their domains at root DNS.

Re:firefox testimonial

[TheHawke]

Oh Mod this parent up!
You hit the nail on the head several times with firefox's security. It does seem to have marked improvements over IE in security, blocking 'wares from going off in your system, to barring banners from starting up, ever!

Of course I maintain a hosts file that pretty much keeps them at bay.

http://www.pelicancoast.net/~nighthawke/hosts.zi p

Mozilla Firefox - it solves most problems....

[Gigantic1]

Those poor soles running Internet Explorer (like ME until recently) don't know what they are missing by not switching to Firefox, Opera, and some of the other fine browsers out there.

Usually, I skeptical about "Freeware", but Mozilla's Firefox has been a glorious exception. Not only is it faster, more intuitive, and easier to use than IE, it is also MORE SECURE. Unlike IE, Firefox does not allow ActiveX and VBScripts to run - and this is a blessing.

Please consider giving it a try.

Happy surfing.

And let's not forget...

[Tuxedo+Jack]

How about the bastards who make browser hijackers? Removing CoolWebSearch's affiliates wastes so much goddamn time at my office, it's literally taking nearly three hours a week.

And don't deny it - their affiliates DDoSed SpywareInfo because it told people how to remove their bastardly malware and provided CWShredder.

I say we go after them, drain their coffers dry, and donate the funds to the Mozilla Foundation or something.

A lot of people don't care

[.+visplek+.]

Funny thing is that a lot of people just don't care. I remember that visual plugin for Winamp: Wild Tangent Valentine Dancer. It turned out to be spyware (and so did the rest of Wild Tangent's plugins and apps) but a lot of people just wanted to see a girl dancing on their screen. They just don't care. Not aware of the results of a spyware infested computer and blinded by some digital hottie. The result is over 3,707,559 downloads.