
spying on spyware

Posted on 2006-11-04
Last Modified: 2013-12-04

Hi,

I'm looking for a program that will tell me exactly what data SPYWARE.EXE
is reading and writing. I used filemon and diskmon from sysinternals.com,
but the last one especially is a bit cumbersome.

Thanks a lot for helping,

Haico
Question by:haico
3 Comments
 
LVL 7

Accepted Solution

by:
Chatable earned 252 total points
ID: 17873363
There are a lot of ways to spy on a program.
As you noticed, there is filemon, which will tell you what data it reads/writes to files on the disk. There is also regmon (also from sysinternals), which will tell you the data it reads/writes to the registry.
Also, you should use Wireshark (http://www.wireshark.org) to see what it sends to the Internet.
All this is really nice but will only be meaningful if the data is sent in plain-text, which is not the case for most spyware. Most spyware software will send data (and even save it to disk) with some sort of scrambling (sometimes even encryption), so the output of filemon or wireshark will look like a weird binary mess. Unfortunately, decoding the data usually requires disassembling the software in question.
Maybe before doing anything yourself you should try searching a bit on that specific spyware that you have. You may very well not be the first one who's trying to determine what it does.
0
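Added example, not part of the original thread: a triage script an analyst could run over buffers saved from a file or packet capture, to tell whether a given write or payload is plain text, lightly scrambled, or high-entropy data that the monitoring tools alone will not make readable. The function names, the thresholds (1.0, 0.8, 7.5) and the sample buffers are assumptions constructed for this illustration.

```python
import base64, hashlib, math, re
from collections import Counter

# Bytes counted as "readable": ASCII letters and the space character.
TEXTISH = set(b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ ")
B64_RE = re.compile(rb"(?:[A-Za-z0-9+/]{4})+(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?")

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) up to 8.0 (uniform)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def best_xor_key(data: bytes):
    """Try all 256 single-byte XOR keys and score each by the share of letters
    and spaces it yields. Key 0 means the buffer is readable as captured."""
    def score(key):
        return sum((b ^ key) in TEXTISH for b in data) / len(data)
    key = max(range(256), key=score)
    return key, score(key)

def classify(data: bytes) -> str:
    h = entropy(data)
    if h < 1.0:                       # empty or (nearly) constant padding
        return "filler"
    if len(data) >= 16 and B64_RE.fullmatch(data):
        return "base64"               # candidate only: decode and classify again
    key, share = best_xor_key(data)
    if share >= 0.8:
        return "plaintext" if key == 0 else f"xor:0x{key:02x}"
    if h >= 7.5:                      # short buffers cannot reach this value
        return "high-entropy"         # encrypted or compressed; needs the binary
    return "binary"

# Constructed sample buffers (not captured from any real program).
TEXT = b"window title: Online Banking - keys typed: this is a constructed sample"
RANDOM = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # 4096 bytes
SAMPLES = {
    "file write": TEXT,
    "tcp payload 1": bytes(b ^ 0xA7 for b in TEXT),
    "tcp payload 2": base64.b64encode(TEXT),
    "tcp payload 3": RANDOM,
}

def triage():
    return {name: classify(buf) for name, buf in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in triage().items():
        print(f"{name:15} {verdict}")
```

Only the "high-entropy" verdict corresponds to the case where reading the data depends on analysing the program itself; the other verdicts can be decoded directly from the capture.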
 
LVL 12

Assisted Solution

by:Dmitri Farafontov
Dmitri Farafontov earned 248 total points
ID: 20133755
Try to utilize Sandboxie and a VMware virtual machine. It is as close to the real world as possible within a relatively safe and isolated environment. Again, why I say relative is since nothing is 100% secure.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21101064
Forced accept.

Computer101
EE Admin
0
