Phish detection (was Re: [Mimedefang] for mcafee lovers)

James Ebright jebright at esisnet.com
Wed Mar 23 11:34:38 EST 2005


Hehe, you have never dealt with the newer forms of the browser hijacks then;
they usually exploit a vulnerability in Windows or use social engineering to
get on a PC (not much I can do but educate customers on the latter;
auto-updates are hopefully taking care of the former as best they can). Once a
browser hijack is in place they do many nasty things to your PC, allowing TONS
of things in...

Typically they add URLs to the trusted zones in IE.
They turn off firewalls.
They disable AV and anti-spyware tools (some of the nastier ones have).
They change your Internet zone to low.
They make numerous registry changes that make it extremely hard to get them
removed once they have called home and installed their popup software.
poppupper is nasty about this.

The point here is... the spyware just opened the door to even a simple website
with some PHP or Java in it to edit the /etc/hosts... not to mention drive-by
downloaders that will infect your PC with all kinds of viri...

I have no control over my end users' PCs, platform, etc. I am a service
provider. I give you this challenge: you lock down a Windows PC as tight as
you can while still allowing it to get on the web, and I will show you a customer
of mine capable of infecting it unknowingly in less than 15 minutes... :-)

Jim



On Wed, 23 Mar 2005 09:45:45 -0600 (CST), Ian Mitchell wrote

> I don't think auto updates will do anything to prevent spyware. That's
> not a "threat" or a "critical" vulnerability, just an annoyance. Now,
> worms and viruses, M$ seems to put those a little higher up on the pecking
> order, sometimes. The only way to prevent spyware is to disable the
> accessibility features and remove the end users' abilities to
> interact with the computer (may involve surgically removing
> appendages). And that's provided you're fully patched... Otherwise,
> you adopt strict usability guidelines blessed by management, you
> heavily restrict permissions in the registry and on the file system,
> you turn off everything they don't need, firewall, scan, hoopa jupta
> stick it, dance a special dance, and pray or be prey.


--
EsisNet.com Webmail Client
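The symptoms Jim lists (URLs added to IE's trusted zone, the Internet zone dropped to Low, firewalls switched off, hosts-file edits) can all be checked from the registry and file system. The following read-only audit script is an added example, not code from the thread or from MIMEDefang; it assumes a current Windows with the NetSecurity module (Get-NetFirewallProfile) and is run from an elevated PowerShell.

```powershell
# Added example: audit a Windows host for the browser-hijack indicators
# described in the thread. Read-only; nothing is changed.
$findings = [System.Collections.Generic.List[string]]::new()

# 1. Internet zone (zone id 3) security level. CurrentLevel is a DWORD:
#    0x10000 Low, 0x10500 Medium-Low, 0x11000 Medium, 0x11500 Medium-High, 0x12000 High.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$level = (Get-ItemProperty -Path $zoneKey -Name CurrentLevel -ErrorAction SilentlyContinue).CurrentLevel
if ($null -ne $level -and $level -lt 0x11000) {
    $findings.Add(("Internet zone security level lowered to 0x{0:X} (below Medium)" -f $level))
}

# 2. Domains mapped into the Trusted Sites zone (zone id 2) under ZoneMap\Domains.
#    Each domain (or subdomain) key holds per-scheme values; value 2 = Trusted Sites.
$domKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
if (Test-Path $domKey) {
    Get-ChildItem -Path $domKey -Recurse | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        foreach ($scheme in 'http', 'https', '*') {
            if ($props.$scheme -eq 2) {
                $name = $_.PSPath -replace '.*Domains\\', ''
                $findings.Add("Trusted Sites entry: $name ($scheme)")
            }
        }
    }
}

# 3. hosts file lines that point a name somewhere other than loopback
#    (the Windows equivalent of the /etc/hosts edit mentioned above).
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $hostsFile -ErrorAction SilentlyContinue | ForEach-Object {
    if ($_ -match '^\s*(\d{1,3}(\.\d{1,3}){3})\s+\S+' -and $Matches[1] -notmatch '^127\.') {
        $findings.Add("hosts override: $($_.Trim())")
    }
}

# 4. Firewall profiles that have been switched off.
Get-NetFirewallProfile -ErrorAction SilentlyContinue | ForEach-Object {
    if ($_.Enabled -ne 'True') { $findings.Add("Firewall profile disabled: $($_.Name)") }
}

if ($findings.Count -eq 0) { 'No hijack indicators found.' } else { $findings }
```

Any hit is worth comparing against the machine's known baseline; a legitimate intranet site in Trusted Sites is normal, a Low Internet zone or a disabled firewall profile is not.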