Malware Class IDs
Jul. 01, 2004, 12:31 AM
Post: #1
 
Last list update: Mar 4, 2005.

From the ReadMe:
Quote: Malware CLSIDs (toolbars, hijackers, dialers, etc) are an Internet Explorer
issue - unless you are using Mozilla's Active-X plugin.

These filters compare encountered IDs with a blocklist and block the code on
match.

The list is quite big already and new malware CLSIDs will come.
So there are two changes because of that:

Updating the list is "semi-automated". Smile!
There are two filters included for Tony Klein's BHO Collection:

http://www.sysinfo.org/bholist.txt

The first one enables filtering of above text/plain file.

The second one removes the duped CLSIDs and compares the "X" (certified
malware) and "O" (open to debate) entries with the blocklist. Missed items
will be printed in the proper list format so that you just need to navigate to
above link and copy/paste. Hits/matches/missed stats are printed at the
bottom, too.

The list is scanned rarely now, since the filters will fail early for the Flash
CLSID. This hardly has any influence on the filter speed (yet), but it gives
you the option to save some memory and Proxomitron startup time by adding
"NoHash" somewhere to the top comment.


The list is current as of March 4th, 2005 and contains 975 entries (62 KB).

The zip contains the merge file "MergeMe.cfg" and the Count list (ScoJo/Mona,
modified) which is required if you want to see the stats.


Installation:

Copy "Count.txt" and "ClassIDs.txt" to the "lists" subdirectory.
Copy the dummy-script "empty" to the "html" subdirectory.
Merge "MergeMe.cfg" with your config.

This is the stand-alone version. Don't merge it with my config set!
ClassIDs.zip (offsite link, 31 KB)


sidki
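
Added example, not part of the post above and not the Proxomitron filters from the zip: a Python sketch of the check the ReadMe describes, comparing each CLSID encountered in a page with a blocklist and blocking the code on a match. The blocklist entries, the sample page, the `data-blocked-clsid` marker and all function names are constructed for illustration.

```python
import re

# Constructed blocklist entries (made-up CLSIDs, not taken from ClassIDs.txt).
BLOCKLIST = {
    "00000000-0000-0000-0000-00000000BAD1",
    "00000000-0000-0000-0000-00000000BAD2",
}

# Constructed sample page: one listed control, one unlisted control.
SAMPLE = (
    '<p>hi</p>'
    '<OBJECT codebase="x.cab" classid="CLSID:00000000-0000-0000-0000-00000000bad1"></OBJECT>'
    '<object classid="clsid:11111111-1111-1111-1111-111111111111" width="1"></object>'
)

# Match the whole opening tag first, then look for classid inside it, so the
# attribute order, quoting style and letter case do not matter.
OBJECT_TAG = re.compile(r"<object\b[^>]*>", re.IGNORECASE)
CLASSID = re.compile(
    r"""\bclassid\s*=\s*["']?\s*clsid:\s*\{?([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\}?""",
    re.IGNORECASE,
)

def filter_classids(html, blocklist=BLOCKLIST):
    """Return (filtered_html, stats) with blocklisted <object> tags neutralised."""
    blocked = {entry.upper() for entry in blocklist}
    stats = {"seen": 0, "blocked": 0}

    def check(match):
        tag = match.group(0)
        found = CLASSID.search(tag)
        if not found:
            return tag                      # no CLSID in this tag: pass through
        stats["seen"] += 1
        clsid = found.group(1).upper()      # normalise before comparing
        if clsid not in blocked:
            return tag
        stats["blocked"] += 1
        # Drop every attribute (classid, codebase, ...) so the browser has
        # nothing to instantiate or download; keep a marker for debugging.
        return '<object data-blocked-clsid="%s">' % clsid

    return OBJECT_TAG.sub(check, html), stats

if __name__ == "__main__":
    page, counts = filter_classids(SAMPLE)
    print(page)
    print(counts)
```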
Jul. 01, 2004, 10:05 PM
Post: #2
 
Very nice work!

I'm impressed with the semi-automated updating filter Eyes Closed Smile
Jul. 03, 2004, 12:09 AM
Post: #3
 
Thanks Smile! - The counter code in that filter is ScoJo's/Mona's.
Jan. 16, 2005, 01:27 PM
Post: #4
 
Lists and filters updated, broken d/l link fixed. Smile!
Mar. 05, 2005, 12:58 PM
Post: #5
 
I've updated the list (first post).
Mar. 05, 2005, 05:55 PM
Post: #6
 
Nice work sidki! [thumbs up smiley]

�{=(~�::[Shea]::��~)=}�
How 'bout you sideburns, you want some of this milk?
This fading text is pretty cool, eh? I bet you wish you had some.
Mar. 05, 2005, 09:51 PM
Post: #7
 
Thanks.
Shea Wrote:[thumbs up smiley]
I'm missing that one as well! [lol]
Mar. 05, 2005, 10:47 PM
Post: #8
 
I just happened to find one. Kye-U, please add this one to the collection!

PS - Right click and save as a gif. The forum wouldn't let me upload a gif Sad.

Mar. 05, 2005, 10:53 PM
Post: #9
 
[thumbs] - excellent!

Mar. 05, 2005, 10:53 PM
Post: #10
 
[thumbs]

You can use it by typing:

Code:
[thumbs]

Cheers

Thanks Shea!