
Fooling the spyware scanners


wdmcmh

IS-IT--Management
May 27, 2005
22
US
Anyone notice an increase in the spyware that knows how to trick the common spyware scanners? I've seen one that knows how to put itself in Adaware's ignore list, and twice this week I've run into some that cause Spybot to end its scan immediately and report no problems found.
 
I haven't recalled reading on those anywhere. Do you know what they were called?

I do know that spyware isn't coming alone anymore. What I've seen and read more of is that spyware is being installed AFTER a trojan or some other program hits the system. It's that first program that is disabling antivirus, firewall, AND spyware scanners.

Once the initial defenses are disabled, additional files are installed (depending on the bundle and/or installer, it may actually call a secondary site for the rest of its bundle).

It's why more and more people are recommending programs like Syssafe that will monitor process startups and terminations and notify the user of any.
 
Additionally, I would recommend looking into a different real time protection for machines.

I'd highly recommend Counterspy (if you don't mind paying 20) but if you don't want to spend anything, then grab the MS antispyware beta.
 
This is why we've always said don't rely on one scanner. I recommend at least three scanners.


James P. Cottingham
-----------------------------------------
I'm number 1,229!
I'm number 1,229!
 
"This is why we've always said don't rely on one scanner. I recommend at least three scanners"

As do I. The line between spyware and virus sure is getting thinner.
 
I'm also using programmes which monitor changes at start up and monitor processes and stop them from being manipulated or shut down by viruses etc! Process guard and antihook do this and give added protection to one's processes and programmes, while watcher checks for changes at boot up once the desktop is loading up!
 