Deciding which Applications are unwanted
PUA is a potentially unwanted applicationSub-Type: RAT is Remote Access Trojans
Description: tools used to remotely access systems but can be used by system admins, for example VNC or RAdmin Example: PUA.RAT.RAdmin-16 could be RAdmin Example: PUA.RAT.VNC-7 would be VNC Windows Example: Scanning a genuine UltraVnc gives this:C:\Program Files\UltraVNC\vnchooks.dll: PUA.RAT.VNC-21 FOUND
Sub-Type: PwTool is Password Tool
Description: Tools used to recover/find passwords. Can be useful for system admins. Example: DialupPass -8Sub-Type: NetTool
Description: General network LAN/WAN tools, for example ip scanning, port scanners, Netcat etc. Example: NetTool .Angryscan-2Sub-Type: Tool
Description: General system tools, process killers/finders Example: PsKill -2Sub-Type: Spy
Description: Keyloggers, spying tools Example: DigitalXSub-Type: Server
Description: Server based "badware" Example: DistributedNetSub-Type: Script
Description: Known "problem" scripts (Javascript/ActiveX etc.) Example: PUA.Script.Packed-1Sub-Type: Packed
Description: Known "bad" packers/tools which can used to hide malware or make debugging difficult Example: PUA.Packed.NPack-3Sub-Type: IRC
Description: IRC server based programs/malware Example: PUA.IRC.Mechbot These descriptions were provided by Steve Basford -- IanEiloart - 11 Sep 2008Edit | Attach | Print version | History: r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r1 - 2008-09-11 - 14:30:10 - IanEiloart
Main Web
Create New Topic
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
Main |
|
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback