how to detect a spyware over http?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
2
down vote

favorite
1












I am trying to detect a spyware on my pc by traffic analysis. I am connected to a vps (the sniffer) by a vpn and I am going to select all the sent data by the post method. Is this correct ? I mean the only way to send data out is through the POST method ? (leaving out CONNECT)










share|improve this question





















  • I recommend tracing the spyware back to where you first downloaded it. Have you recently downloaded a malicious file? They’re also a number of programs that can help you find and eliminate the spyware. I recommend taking a look at forest’s answer.
    – CoderPE
    5 hours ago















up vote
2
down vote

favorite
1












I am trying to detect a spyware on my pc by traffic analysis. I am connected to a vps (the sniffer) by a vpn and I am going to select all the sent data by the post method. Is this correct ? I mean the only way to send data out is through the POST method ? (leaving out CONNECT)










share|improve this question





















  • I recommend tracing the spyware back to where you first downloaded it. Have you recently downloaded a malicious file? They’re also a number of programs that can help you find and eliminate the spyware. I recommend taking a look at forest’s answer.
    – CoderPE
    5 hours ago













up vote
2
down vote

favorite
1









up vote
2
down vote

favorite
1






1





I am trying to detect a spyware on my pc by traffic analysis. I am connected to a vps (the sniffer) by a vpn and I am going to select all the sent data by the post method. Is this correct ? I mean the only way to send data out is through the POST method ? (leaving out CONNECT)










share|improve this question













I am trying to detect a spyware on my pc by traffic analysis. I am connected to a vps (the sniffer) by a vpn and I am going to select all the sent data by the post method. Is this correct ? I mean the only way to send data out is through the POST method ? (leaving out CONNECT)







forensics spyware






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked 6 hours ago









MysticDog

284




284











  • I recommend tracing the spyware back to where you first downloaded it. Have you recently downloaded a malicious file? They’re also a number of programs that can help you find and eliminate the spyware. I recommend taking a look at forest’s answer.
    – CoderPE
    5 hours ago

















  • I recommend tracing the spyware back to where you first downloaded it. Have you recently downloaded a malicious file? They’re also a number of programs that can help you find and eliminate the spyware. I recommend taking a look at forest’s answer.
    – CoderPE
    5 hours ago
















I recommend tracing the spyware back to where you first downloaded it. Have you recently downloaded a malicious file? They’re also a number of programs that can help you find and eliminate the spyware. I recommend taking a look at forest’s answer.
– CoderPE
5 hours ago





I recommend tracing the spyware back to where you first downloaded it. Have you recently downloaded a malicious file? They’re also a number of programs that can help you find and eliminate the spyware. I recommend taking a look at forest’s answer.
– CoderPE
5 hours ago











1 Answer
1






active

oldest

votes

















up vote
4
down vote













There are countless ways spyware can exfiltrate information, including, but not limited to:



  • HTTP using a method such as GET, POST, PUT, etc.


  • Raw TCP or UDP payload contents.


  • Hidden in TCP or even IP headers (e.g. smuggled in the URG pointer).


  • ICMP payload contents, which are normally hidden.


Checking for sensitive data sent over HTTP POST will not help you detect spyware as there are so many other ways to exfiltrate information from a compromised server. Unfortunately, you will need to know what you are looking for in order to detect spyware traffic. However, if the spyware is not particularly advanced, there are many operating system-specific tools that you can use which will tell you what processes are communicating with the network. This of course assumes that the spyware is not running as a privileged user, otherwise it could hide from any such tools.






share|improve this answer




















    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "162"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f197432%2fhow-to-detect-a-spyware-over-http%23new-answer', 'question_page');

    );

    Post as a guest






























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    4
    down vote













    There are countless ways spyware can exfiltrate information, including, but not limited to:



    • HTTP using a method such as GET, POST, PUT, etc.


    • Raw TCP or UDP payload contents.


    • Hidden in TCP or even IP headers (e.g. smuggled in the URG pointer).


    • ICMP payload contents, which are normally hidden.


    Checking for sensitive data sent over HTTP POST will not help you detect spyware as there are so many other ways to exfiltrate information from a compromised server. Unfortunately, you will need to know what you are looking for in order to detect spyware traffic. However, if the spyware is not particularly advanced, there are many operating system-specific tools that you can use which will tell you what processes are communicating with the network. This of course assumes that the spyware is not running as a privileged user, otherwise it could hide from any such tools.






    share|improve this answer
























      up vote
      4
      down vote













      There are countless ways spyware can exfiltrate information, including, but not limited to:



      • HTTP using a method such as GET, POST, PUT, etc.


      • Raw TCP or UDP payload contents.


      • Hidden in TCP or even IP headers (e.g. smuggled in the URG pointer).


      • ICMP payload contents, which are normally hidden.


      Checking for sensitive data sent over HTTP POST will not help you detect spyware as there are so many other ways to exfiltrate information from a compromised server. Unfortunately, you will need to know what you are looking for in order to detect spyware traffic. However, if the spyware is not particularly advanced, there are many operating system-specific tools that you can use which will tell you what processes are communicating with the network. This of course assumes that the spyware is not running as a privileged user, otherwise it could hide from any such tools.






      share|improve this answer






















        up vote
        4
        down vote










        up vote
        4
        down vote









        There are countless ways spyware can exfiltrate information, including, but not limited to:



        • HTTP using a method such as GET, POST, PUT, etc.


        • Raw TCP or UDP payload contents.


        • Hidden in TCP or even IP headers (e.g. smuggled in the URG pointer).


        • ICMP payload contents, which are normally hidden.


        Checking for sensitive data sent over HTTP POST will not help you detect spyware as there are so many other ways to exfiltrate information from a compromised server. Unfortunately, you will need to know what you are looking for in order to detect spyware traffic. However, if the spyware is not particularly advanced, there are many operating system-specific tools that you can use which will tell you what processes are communicating with the network. This of course assumes that the spyware is not running as a privileged user, otherwise it could hide from any such tools.






        share|improve this answer












        There are countless ways spyware can exfiltrate information, including, but not limited to:



        • HTTP using a method such as GET, POST, PUT, etc.


        • Raw TCP or UDP payload contents.


        • Hidden in TCP or even IP headers (e.g. smuggled in the URG pointer).


        • ICMP payload contents, which are normally hidden.


        Checking for sensitive data sent over HTTP POST will not help you detect spyware as there are so many other ways to exfiltrate information from a compromised server. Unfortunately, you will need to know what you are looking for in order to detect spyware traffic. However, if the spyware is not particularly advanced, there are many operating system-specific tools that you can use which will tell you what processes are communicating with the network. This of course assumes that the spyware is not running as a privileged user, otherwise it could hide from any such tools.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 6 hours ago









        forest

        25.5k127993




        25.5k127993



























             

            draft saved


            draft discarded















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f197432%2fhow-to-detect-a-spyware-over-http%23new-answer', 'question_page');

            );

            Post as a guest













































































            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?