The Grey Chronicles

2008.July.13

Custom-Blocking in SpywareBlaster


SpywareBlaster was developed by Javacool Software in 2002 to prevent spyware installation in the Internet Explorer, Mozilla Firefox, Netscape, SeaMonkey and Flock browsers.

SpywareBlaster is a prevention program, unlike most anti-spyware programs which utilize a “removal” approach after your system is already infected. SpywareBlaster effectively prevents ActiveX-based spyware, dialers, browser-hijackers and other malware or potentially unwanted programs from ever installing on your system in the first place.

One protection feature of SpywareBlaster is Restricted Sites Protection, which restricts attempts by sites visited in Internet Explorer to download or install spyware, adware, dialers, browser hijackers, or potentially unwanted software.

Custom Blocking

Among the tools included in the recent version of SpywareBlaster [v4.00 1.25 MB (1,320,464 bytes)] is Custom Blocking. This is a custom list of ActiveX controls, identified by CLSID, that blocks changes to the browser such as controls that add search engine toolbars, browser plug-ins, etc.

I have created a customblocking.txt based on ongoing spyware analyses using various antispyware software. Most of these entries are classified as threats by most antivirus/antispyware software, while SpywareBlaster does not yet have them in its database. The list contains ActiveX CLSIDs usually installed in the registry branch:
HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility

The list contains 24,529 ActiveX items in total, consisting of:

[Figure: Malware addressed by customblocking.txt for SpywareBlaster]

The most prevalent ActiveX controls in the list are:

[Figure: Malware by ActiveX CLSID]

Deployment

To install the customblocking.txt list, download a copy to the SpywareBlaster directory. Open SpywareBlaster, then select Tools and choose Custom Blocking.

Each of the ActiveX CLSIDs has to be carefully enabled by placing a checkmark on some or all of them. Click the ‘Protect Against Checked Items’ button to complete the procedure. ActiveX CLSIDs that are not selected remain in bold red letters, while those with protection enabled appear in normal black font.
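To confirm which entries actually ended up protected after this step, the following added example (not part of the original post or of SpywareBlaster) compares a block list against a `reg export` of the ActiveX Compatibility branch named above. It assumes each list entry contains a brace-wrapped CLSID and that protection appears as the kill bit (0x400) in the "Compatibility Flags" value; the sample CLSIDs and names are constructed.

```python
import re

# Assumption: a blocked control carries the Microsoft-documented "kill bit"
# (0x400) in its "Compatibility Flags" DWORD under this branch.
KILL_BIT = 0x400
BRANCH = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample data (placeholder CLSIDs and names, not from the real list).
SAMPLE_LIST = """{11111111-1111-1111-1111-111111111111} ExampleToolbar
{22222222-2222-2222-2222-222222222222} ExampleDialer
{33333333-3333-3333-3333-333333333333} ExampleHijacker
"""
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-1111-1111-1111-111111111111}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00000000
"""

def parse_block_list(text):
    """Return the set of upper-cased CLSIDs found anywhere in the list text."""
    return {m.group(0).upper() for m in CLSID_RE.finditer(text)}

def parse_reg_export(text):
    """Map CLSID -> Compatibility Flags for keys directly under BRANCH."""
    flags, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):  # a new key header ends the previous key
            parent, _, leaf = line.strip("[]").rpartition("\\")
            in_branch = parent.upper() == BRANCH.upper() and CLSID_RE.fullmatch(leaf)
            current = leaf.upper() if in_branch else None
            if current:
                flags.setdefault(current, 0)  # key present, flags not seen yet
        elif current and (m := FLAGS_RE.match(line)):
            flags[current] = int(m.group(1), 16)
    return flags

def audit(block_list_text, reg_text):
    """Return (protected, unprotected) CLSIDs from the block list, sorted."""
    wanted = parse_block_list(block_list_text)
    flags = parse_reg_export(reg_text)
    protected = {c for c in wanted if flags.get(c, 0) & KILL_BIT}
    return sorted(protected), sorted(wanted - protected)
```

Real input for `reg_text` comes from `reg export` run on the branch above; the exported file is UTF-16 encoded, so read it with `encoding="utf-16"` before passing it to `audit`.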

Here’s a preview of the contents of this customblock.txt:

View this document on Scribd

Epilogue

After enabling this custom block, I have strengthened my computer against these threats and subsequent attacks.


Notes:

This post was revised 25 March 2009 by changing the link to customblock.txt, now hosted at Scribd. A Scribd preview of the contents of customblock.txt was also included.

Disclaimer: The posts on this site do not necessarily represent any organization’s positions, strategies or opinions; and unless otherwise expressly stated, are licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Philippines License.
