[Snort-sigs] Snort for detecting spyware?

Imran William Smith iwsmith at ...500...
Sun May 5 18:09:01 EDT 2002

Has anybody done any work on detecting spyware with
Snort?  Seems like the logical way to do it, but looks
like most approaches so far are host-based.

Several advantages to the network method:

1) not necessary to install software on each desktop
2) one client gets 'infected' with known spyware -> can
then block offending external sites for the whole organisation
at the firewall (or flex response).
3) very quick method to determine scale of the problem

I have contacted the people at www.lavasoftusa.com who
develop the well-respected Ad-aware product, asking them
if they could give any help with network-based signatures,
and mentioning Snort to them.

Imran William Smith
Security Products Development
Mimos Bhd, Malaysia
