I'm very excited to announce a new project to fight spyware!! A bleeding snort user's suggestion has brought about a very promising idea and relationship fostered along by Renaud Deraison of Nessus. The goal of the project is to enhance the detection and identification of spyware. What we intend to do is build a partnership between the Nessus community, the Bleeding Snort community, and a spyware detection/cleaning project. The aim will be to identify new and existing spyware packages to simultaneously: 1. Write a Nessus plugin to detect it's presence 2. Write a snort signature to detect it on the network 3. Add the package to the applicable spyware cleaning package 4. Make the spyware and it's cleaning procedures publicly known and accessible We hope this project will help keep all of the detection and cleaning methods moving forward at the same pace, thus making it much more difficult for the spyware makers to slip past us. Using Nessus to detect some of these things will be difficult. But that functionality will bring Nessus another even further ahead of it's commercial peers. Adding more snort signatures to bleeding snort will only make the project more effective as well. We hope the benefit to a spyware detection project will be just as clear. What we need to get the project going are snort and nessus volunteers and a partner in the spyware field. We welcome as many spyware experts as possible into the project. There has been a great deal of research done on the registry keys and propagation methods of spyware. This project will be starting out a good deal behind, but with plenty of information available. We need a spyware expert that can guide the project toward the more important packages, and toward identifying the newest spyware as it's released. We hope that the benefit for the spyware expert will be not just to participate in a worthwhile cause, but to benefit from the new spyware that can be identified through the methods developed within the project. We need a number of people that have experience with Nessus and writing NASL plugins. As most spyware in windows based, some windows expertise would be helpful, but certainly not required. We intend to draw on the existing snort rule writing resources in the bleeding snort community that have been so forthcoming with their time to date. However any volunteers on the snort side that want to be directly involved or have a particular interest please let us know. All volunteers can email bloodyspyware@private to get involved. Remember, extensive experience is not a requirement, just a desire to learn and time to chip in. While this is a purely volunteer and open-source spirited project, we do welcome commercial involvement from organizations that can contribute to these efforts. Please email at the above address or myself directly if you're interested. All queries will remain confidential if a relationship does not materialize. Thanks all, and we hope to hear from you soon. Watch Bleedingsnort.com and Nessus.org for updates and links to the coming home of the project. Matthew Jonkman Bleedingsnort.com _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Fri Oct 15 2004 - 15:52:49 PDT