FW: Spyware & AD Ware

• Previous message: JJB: "RE: Spyware & AD Ware"
• Maybe in reply to: Spidey Knepscheld: "Spyware & AD Ware"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: <freebsd-isp@freebsd.org>
Date: Tue, 20 Jul 2004 14:39:20 +1000

You can stop spy/adware on your firewall at the protocol level with snort
(from the ports) if you are willing to write some custom rules or google for
them.

There are some great examples of this in a snort add-on which is a
collection of "bleeding edge" rules can be found at
http://www.bleedingsnort.com/bleeding.rules

They would look something like what is shown below, which is an actual rule
used to stop Yesadvertising Banking Spyware.

alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE
Yesadvertising Banking Spyware RETRIEVE"; uricontent:"/img1big.gif"; nocase;
reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000336;
rev:2;)

alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE
Yesadvertising Banking Spyware INFORMATION SUBMIT";
uricontent:"/cgi-bin/yes.pl"; nocase;
reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000337;
rev:2; )

-----Original Message-----
From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org]
On Behalf Of JJB
Sent: Tuesday, 20 July 2004 3:11 AM
To: spidey@act.co.za; freebsd-isp@freebsd.org
Subject: RE: Spyware & AD Ware

Spyware and AD Ware are ms/windows problems.
These have no effect on unix based systems.
www.download.com has the most popular free downloads for removing
these.

-----Original Message-----
From: owner-freebsd-isp@freebsd.org
[mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Spidey Knepscheld
Sent: Monday, July 19, 2004 11:27 AM
To: freebsd-isp@freebsd.org
Subject: Spyware & AD Ware

Hi

How do I stop Spyware and AD Ware to enter my network through a
FreeBSD
FW or can I stop it on the Cisco ?

Spidey

_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to
"freebsd-isp-unsubscribe@freebsd.org"

_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

• Previous message: JJB: "RE: Spyware & AD Ware"
• Maybe in reply to: Spidey Knepscheld: "Spyware & AD Ware"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages RE: Spyware & AD Ware ... Spyware and AD Ware are ms/windows problems. ... www.download.com has the most popular free downloads for removing ... To unsubscribe, ... (freebsd-isp) Re: My Pharmacist Friend Called Me Yesterday ... He has been on vacation in Alaska for about ten days and while he was gone he had temp help (several pharmacists taking turns) from a nearby hospital filling in for him. ... a mere 352 days out-of-date and the spyware program he uses told me he was ... There is one ad ware i can think of that seizes the free ware program spybot seek and destroy. ... prior to infection! ... (alt.2600) Re: Home Page ... I believe if I were in your shoes, I would run spy-bot and check mark all ... the errors ad ware and spyware that it finds and remove ALL of them. ... (microsoft.public.windowsxp.help_and_support) Re: run32dll error ... Although I have already had installed and tried Ad ware / ... Spy bot and Spyware blaster I will try the CWshredder and ... >Try these programs to check for any spyware that may be ... >> On start up of Windows XP Prof I get an error message. ... (microsoft.public.windowsxp.general) [IBC] DO NOT (was: Re: [IBC] Great Informaton From Bonsai Experts) ... this link -- and my virus, spyware, ad ware, other-ware programs are all up to date. ... (rec.arts.bonsai)