Specter Pro -- Spyware

FromTheRafters · External Since: Feb 16, 2009 Posts: 87

"G. Morgan" wrote in message

> G. Morgan wrote:
>
>>
>>Are there ANY programs that DO detect and remove it?
>
>
> I'm going to rephrase my question.
>
> Why wouldn't the author's of Super ASW and MBAM not include commercial
> key
> loggers in their detections? It doesn't matter if you bought the
> spyware in a
> nice package at Fry's, or downloaded it from any number of free
> sources.

Chances are, they will. Didn't Dustin invite you to upload the
executable? Sometimes all that is needed is an MD5 on non-polymorphics.

It would make sense for anti-spyware applications to have the ability to
detect PUPs. It would also be necessary to give the administrator the
ability to exclude the legitimately installed spyware from detection as
it's legitimate use would require. Windows in particular has parental
control (spyware) - would you want children to be able to detect and
possibly thwart its use?

> Key loggers are Spyware, period. I can't leave a customer's house
> after
> scanning with Avira, MBAM, and Super ASW --- knowing that none of them
> detects
> this "greyware". <--- Which I have a problem with that term.
>
> Forget what I said about my g/f. That was just theoretical. I'm
> talking about
> working on other's PC's now.
>
> Why do commercial vendors get a "pass", when script kiddies and other
> a$$holes
> that write Trojans for "fun" don't?

Because in some cases there is *no* difference, programmatically,
between the legitimate and the malicious spyware once it is installed.
The same goes for RATs - which can be described both as Remote Access
Trojan *and* Remote Administration Tool. The key difference is *how* it
becomes installed.

> I'll join the forum and see what happens. But, my strong opinion as a
> technician, the tools I use to must be 100% dead-on. Spyware is
> spyware, no
> matter what spin you put on it (PUP, Greyware) whatever.... Just
> because it
> comes in shrink wrapped box doesn't mean it's not spyware.

Use a process viewer and familiarize yourself with what *should* be
there. Chances are you will not have husbands spying on wives and vice
versa, but admins spying on standard users. If the spyware hides from
the administrator, it is *malware*, not greyware, and should be detected
by antimalware applications.

FromTheRafters · External Since: Feb 16, 2009 Posts: 87

"G. Morgan" wrote in message

> "FromTheRafters" wrote:
>
>>
>>The *malware* to detect, would be the surreptitious installer (trojan)
>>of the keylogger. Since you evidently installed it yourself, there
>>*is*
>>no malware to detect. If this program comes with a way to install it
>>surreptitiously, then that function (or it's result) *should* be
>>detected. What you would need in order to prevent one administrator
>>from
>>being able to detect that the other' has installed spyware is to have
>>the whole deal on a monitor or hypervisor where one administrates the
>>"platform" on which both administrators appear to administrate in the
>>emulated "environment".
>
> I also do house calls on the side. I would like a program that
> detects ALL key
> loggers, not just non-commercial ones. Husband spying on wife, etc...

I'm speculating here that some antispyware vendors would be willing to
supply detection for these once they are reported to them.

JD · External Since: May 02, 2010 Posts: 5

~BD~ wrote:
> JD wrote:
>
>>
>> We have a term down here in Texas. It's called "pi$$ing into the wind."
>> We try not to do that but sometimes one misjudges the wind direction.
>>
>
> Maybe that's why your still wet behind the ears! Wink

Good one, baiter Dave. I give up. You win!

--
JD..

Jenn · External Since: May 04, 2010 Posts: 2

"JD" wrote in message

> FromTheRafters wrote:

>
> We have a term down here in Texas. It's called "pi$$ing into the wind." We
> try not to do that but sometimes one mis-judges the wind direction.
>
> --
>

....again with the mature comments littered with foul language that you think
makes you look somehow more manly and smart....

Texas sayings isn't going to make up for a low IQ.

--
Jenn (from Oklahoma)
http://pqlr.org/bbs/

Jenn · External Since: May 04, 2010 Posts: 2

"JD" wrote in message

> FromTheRafters wrote:
>> "JD" wrote in message
>>
>>
>>> If everybody stopped replying to you, would you continue to just post
>>> and answer your own messages?
>>
>> Bingo!!
>>
>>
>
> Let's find out. I think he'd grow weary of his little bs game and move
> onto another newsgroup. We'll never know because it's not going to happen.
> And then Jenn pops up with her moron statements. I hate to see this
> newsgroup turn into this but so it goes.
>

I shall correct you ... Jenn doesn't *pop up* anywhere ... I gracefully
click on a newsgroup title and peruse the threads one by one........ Wink

--
Jenn (from Oklahoma)
http://pqlr.org/bbs/

~BD~ · External Since: May 03, 2010 Posts: 10

JD wrote:
> ~BD~ wrote:
>> JD wrote:
>>
>>>
>>> We have a term down here in Texas. It's called "pi$$ing into the wind."
>>> We try not to do that but sometimes one misjudges the wind direction.
>>>
>>
>> Maybe that's why your still wet behind the ears! Wink

>
> Good one, baiter Dave. I give up. You win!
>

Thanks! Smile

A lesson here for you ...........

http://eadi9.wordpress.com/2010/04/09/dont-mess-with-old-folks/

Quite an appropriate joke in view of the thread posts! Wink

--
Dave

ASCII · External Since: May 04, 2010 Posts: 10

This message is not archived

Dustin Cook · External Since: Jun 27, 2006 Posts: 74

"FromTheRafters" wrote in

> "G. Morgan" wrote in message
>
>> "FromTheRafters" wrote:
>>
>>>
>>>The *malware* to detect, would be the surreptitious installer
>>>(trojan) of the keylogger. Since you evidently installed it yourself,
>>>there *is*
>>>no malware to detect. If this program comes with a way to install it
>>>surreptitiously, then that function (or it's result) *should* be
>>>detected. What you would need in order to prevent one administrator
>>>from
>>>being able to detect that the other' has installed spyware is to have
>>>the whole deal on a monitor or hypervisor where one administrates the
>>>"platform" on which both administrators appear to administrate in the
>>>emulated "environment".
>>
>> I also do house calls on the side. I would like a program that
>> detects ALL key
>> loggers, not just non-commercial ones. Husband spying on wife,
>> etc...
>
> I'm speculating here that some antispyware vendors would be willing to
> supply detection for these once they are reported to them.
>
>
>

I would have to agree. Smile

--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh..
nudge this boulder right down a cliff." - Goblin Warrior

Dustin Cook · External Since: Jun 27, 2006 Posts: 74

G. Morgan wrote in

> "FromTheRafters" wrote:
>
>>
>>The *malware* to detect, would be the surreptitious installer (trojan)
>>of the keylogger. Since you evidently installed it yourself, there
>>*is* no malware to detect. If this program comes with a way to install
>>it surreptitiously, then that function (or it's result) *should* be
>>detected. What you would need in order to prevent one administrator
>>from being able to detect that the other' has installed spyware is to
>>have the whole deal on a monitor or hypervisor where one administrates
>>the "platform" on which both administrators appear to administrate in
>>the emulated "environment".
>
> I also do house calls on the side. I would like a program that
> detects ALL key loggers, not just non-commercial ones. Husband spying
> on wife, etc...

As many of the keyloggers are commercial in nature; Perhaps you could
purchase a copy of the popular ones and provide the complete installer to
various antimalware researchers.

I'd be willing to release a database update to BugHunter to include each
one you are willing to provide. I'll go one step further, I'll submit
them to my friends at malwarebytes for possible inclusion into their
databases as well.

That's probably your best bet for getting something to detect all of
them; Atleast in so far as commercial goes. Us antimalware guys go for
the things we see in the wild, doing harm.

--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior

Dustin Cook · External Since: Jun 27, 2006 Posts: 74

G. Morgan wrote in

> G. Morgan wrote:
>
>>
>>Are there ANY programs that DO detect and remove it?
>
>
> I'm going to rephrase my question.
>
> Why wouldn't the author's of Super ASW and MBAM not include commercial
> key loggers in their detections? It doesn't matter if you bought the
> spyware in a nice package at Fry's, or downloaded it from any number
> of free sources.

It matters. It's a greyarea. Legimitate reasons exist for the commercial
packages. One being, monitoring of employees using company/network
equipment.

> Key loggers are Spyware, period. I can't leave a customer's house
> after scanning with Avira, MBAM, and Super ASW --- knowing that none
> of them detects this "greyware". <--- Which I have a problem with
> that term.

As I said, it's a greyarea. Potentially unwanted software, depending on
the conditions of it's installation.

If you want them to take a look, provide the installer executable so that
a proper analysis can be performed.

> Why do commercial vendors get a "pass", when script kiddies and other
> a$$holes that write Trojans for "fun" don't?

They don't get a pass per say. It depends on whether or not the employer
set the software up. If that's the case, the user has no right to
discover that spyware.

> I'll join the forum and see what happens. But, my strong opinion as a
> technician, the tools I use to must be 100% dead-on. Spyware is
> spyware, no matter what spin you put on it (PUP, Greyware)
> whatever.... Just because it comes in shrink wrapped box doesn't mean
> it's not spyware.

I'm a technician by trade as well, along with antimalware researcher; and
sadly, whether you like the term or not doesn't matter. It exists and
applies in some cases. As far as tools being 100%, as an author of one
myself, and fellow researcher for another, that's just not possible.
Sorry.

--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior

FromTheRafters · External Since: Feb 16, 2009 Posts: 87

"Jenn" wrote in message

> "JD" wrote in message
>
>> FromTheRafters wrote:

No I didn't - nothing in this previous post by Jenn was written by me.
Why are you attributing to me, words which are not mine? Are you trying
to discredit me!? Are you in cahoots with Harry Kellerman to defame my
good name? I have a hinky feeling about you two... Surprised

)

http://www.imdb.com/title/tt0067980/

>> We have a term down here in Texas. It's called "pi$$ing into the
>> wind." We try not to do that but sometimes one mis-judges the wind
>> direction.

We call it pissing, but I guess in Texas things are a little different.
Surprised

D

> ...again with the mature comments littered with foul language that you
> think makes you look somehow more manly and smart....

If it quacks like a duck ... oh wait ... that's fowl language...
nevermind.

> Texas sayings isn't going to make up for a low IQ.

Nearly half of all Texans are of below average intelligence, and don't
*even* get me started on Oklahomans.

Jenn · External Since: May 04, 2010 Posts: 1

FromTheRafters wrote:
> "Jenn" wrote in message
>
>> "JD" wrote in message
> We call it pissing, but I guess in Texas things are a little
> different.
>> oD
>
>> ...again with the mature comments littered with foul language that
>> you think makes you look somehow more manly and smart....
>
> If it quacks like a duck ... oh wait ... that's fowl language...
> nevermind.
>
>> Texas sayings isn't going to make up for a low IQ.
>
> Nearly half of all Texans are of below average intelligence, and don't
> *even* get me started on Oklahomans.

haha ok thats twice you made me laugh ... lol

Luckily... I am not FROM Oklahoma... I just live here. Very Happy

--
Jenn (from Oklahoma)

~BD~ · External Since: May 03, 2010 Posts: 10

FromTheRafters wrote:
> "Jenn" wrote in message
>
>> "JD" wrote in message
>>
>>> FromTheRafters wrote:
>
> No I didn't - nothing in this previous post by Jenn was written by me.
> Why are you attributing to me, words which are not mine? Are you trying
> to discredit me!? Are you in cahoots with Harry Kellerman to defame my
> good name? I have a hinky feeling about you two... Surprised

)
>
> http://www.imdb.com/title/tt0067980/

Always sharp! I suppose it's easier looking down from above! Wink

There was a trailer for Robin Hood on that link; did you notice?

*He* didn't like bad guys either!

--
Dave - it's in the genes of us Brits!

G. Morgan · External Since: Apr 30, 2010 Posts: 13

Dustin Cook wrote:

>As many of the keyloggers are commercial in nature; Perhaps you could
>purchase a copy of the popular ones and provide the complete installer to
>various antimalware researchers.

I'm not buying them, but here is where you can look.....

http://extremenova.org/details.php?q=4d21d5e379ac1bd6c756d8755a2e4637138803e7
http://h33t.com/download.php?id=4b383db7d8893f0f2d93ed61950f9b79c2e6f5...f=Spect
http://h33t.com/download.php?id=6627ba39fa2573190a632ae1aaf7e7b8ab9e60...f=Spect

Thanks for the offer.

G. Morgan · External Since: Apr 30, 2010 Posts: 13

"FromTheRafters" wrote:

>
>Nearly half of all Texans are of below average intelligence, and don't
>*even* get me started on Oklahomans.

LOL.... I'm in Texas (the good half), and just returned from OKC, you're
right.