Spyware Researchers Discover ID Theft Ring

CoolWebSearch is common spyware... Within the org that I support, I see it about three times a day.

This is not good.

ETA:

Eckelberry said the "CoolWebSearch" payload included a typical adware download that immediately scanned the infected machine for e-mails to use for spam runs. It then sets up a "very intelligent keylogger" that looks for very specific information.

this company has several tools to help remove the CWS


I suggest buying to support them!  trend micro antispyware

Quoted: this company has several tools to help remove the CWS I suggest buying to support them!  trend micro antispyware

This is also not a bad site.

ETA:
Trend bought out CWShredder early on in the crap storm...
Reading that history over the three years that he ran it will give you some idea of how evil this crap is.

ETAA:

Current version of CWShredder.

Please, people. Get a good firewall and
block your outbound ports. Prevent these
little bastards from phoning home.

I am shocked that so many people have
no firewalls on their PCs.

Quoted: Quoted: this company has several tools to help remove the CWS I suggest buying to support them!  trend micro antispyware This is also not a bad site. ETA: Trend bought out CWShredder early on in the crap storm... Reading that history over the three years that he ran it will give you some idea of how evil this crap is. ETAA: Current version of CWShredder.

when i saw the name of this thread it reminded me of a email from spywareinfo.com i got a couple days ago..  Excellent site      

Quoted: Please, people. Get a good firewall and block your outbound ports. Prevent these little bastards from phoning home. I am shocked that so many people have no firewalls on their PCs.

Yup...I was hijacked a year ago by Cool Search...I cannot tell you the nightmare...complete dump of my harddrive and started over (damn thing was everywhere in the registry and was replicating faster than freaken tribbles) since then I run spy sweeper  (will prevent a home page hijack), sweep regularly with that and another anti-spyware, run AV and 2 firewalls (one my ISP provides).
And everytime I catch the hubby on a pron site I biff him in the back of the head.
FYI: Internet pron is crawling with bugs people...CRAWLING...consider buying a mag the alternative to a free clinic visit and a penecillin shot...

I wish I knew someone capable of nailing their servers...a taste of their own medicine is what those filthy bastards need!

PlaymoreMinds: You may aslo want to run registery monitoring software, which will warn you incase something wants to make a change, at that point it will give you the option of denying the offending software access which will pretty shut it down. I'm using Spybots Teatimer, but I'm sure there are others.

Quoted: Yup...I was hijacked a year ago by Cool Search...I cannot tell you the nightmare...

If people would stop browsing the web on Administrator accounts they wouldn't have these problems in the first place.

CWS has been one of the worst offenders for some time now.  They are organized churn out new crap on a weekly basis.

Quoted: Quoted: Yup...I was hijacked a year ago by Cool Search...I cannot tell you the nightmare... If people would stop browsing the web on Administrator accounts they wouldn't have these problems in the first place.

Expound???

Quoted: CWS has been one of the worst offenders for some time now.  They are organized churn out new crap on a weekly basis.

Yeah...why don't we get our system savvy guys to make them a little giftie???
Did I phrase that well enuf NOT to violate the CofC????

Quoted: Quoted: Yup...I was hijacked a year ago by Cool Search...I cannot tell you the nightmare... If people would stop browsing the web on Administrator accounts they wouldn't have these problems in the first place.

Or just stop using Windows.

Everyone that works for and the owners of CWS should be rounded and and publicly executed...dig a pit, line them up, pistol bullet to the base of the skull...it should be televised in prime time.

These scum need to learn there is a price to pay...

F*ckers  

Quoted: Please, people. Get a good firewall and block your outbound ports. Prevent these little bastards from phoning home. I am shocked that so many people have no firewalls on their PCs.

When there are several that are great and FREE!

Do you need protection?

Not yes but H3ll YES!

Go to the below link to see "How to protect yourself from Malware, Spyware and Adware!"

forums.majorgeeks.com/showthread.php?t=44525

BigDozer66

Apple fans aside
<whispers to the rest: poor loosers those ones!...they should stick to Ipods>

use of Mozilla has helped a tad...

Quoted: Quoted: Yup...I was hijacked a year ago by Cool Search...I cannot tell you the nightmare... If people would stop browsing the web on Administrator accounts they wouldn't have these problems in the first place.

CWS uses an exploit to install in most(all?) cases. It will privilege escalate to the system account regardless. GPO, Power User, Normal User, Admin... makes absolutely no difference.  

Keep your OS up to date! If you are running an older version of Windows, consider upgrading! Win2k is full of holes and they've stopped patching that OS alltogether. Or if you are fortunate enough to be pretty well off as far as computer literacy goes, consider trying out Linux. Microsoft recently put Linux to the test using WINE, a Windows emulator for Linux.

Turn off services you do not need.

Use the task manager often to see what's running in the background.

Go to Start > Run > type in cmd and press enter, then in the command prompt type netstat -nao for a list of services running, process ID, port number, etc. Make sure you are familiar with what should be running and their respective directories they run from.

Have a good spyware and anti-virus scanner and keep them updated. As far as software Windows firewalls go, none of them are anywhere near perfect, but they are better than nothing. Consider getting a configurable Firewall/NAT router.

A good book on OS hardening and intrusion detection: Hack Notes: Network Security Portable Reference published by McGraw Hill.

There are plenty of services Microsoft likes to enable for you which you either won't need, don't use actively, or are just plain stupid. RPC

Keep up to date with the latest security flaws and exploits: securityfocus.com

Encrypt personal data/information. Don't ever trust any email or attachments, ever.

Use only encrypted services when sending information, IE don't use ftp, use secure ftp. Don't use telnet when you can use SSH. Turn off anonymous file sharing...etc. I could literally write a book on all the crap one should do to keep from getting your information compromised, but just be careful and be vigilant. It might be time consuming, but in the end worth it. No one's completely safe from malicious crackers.

Why can't the Feds just shut 'em down? Sounds like a perfect reason for a no-knock raid.

Quoted: If people would stop browsing the web on Administrator accounts they wouldn't have these problems in the first place.

I always am logged in as admin.  I previously tried using an user account, but anytime I wanted to play with windows I'd have to log out and log in as admin.  Bah.

If only it were so simple as su admin fred I'd do it, but Windows takes too long to log out and log back in everytime.

You should run adware/spyboy S&D/whatever you like just as often as you run AV.  Check your running processes.  I found a spywaye that way, running a bogus rundll32.exe.  Also, periodically run Hijack This! and see what's new.

pr0n is crawling with bugs, but at least it's free.

Quoted: Quoted: If people would stop browsing the web on Administrator accounts they wouldn't have these problems in the first place. I always am logged in as admin.  I previously tried using an user account, but anytime I wanted to play with windows I'd have to log out and log in as admin.  Bah.

And that's the whole point.

An Administrator account gives you (or any program you run) full permission to completely fuck up Windows as much as they want.  If, instead, you did your web browsing on a User account, then even when you did something stupid and tried to install some malware, Windows would stop you because you don't have permission.  A "User" can't even install a browser plugin or update a printer driver.

Microsoft did this on purpose to give IT staff the ability to limit the ability of desktop users to thrash Windows.  And there's no reason that the home user can't use these same features, too.  All you have to do is demote your main web browsing account down from Administrator to User and you will become forever immune from any spyware, malware, or trojans from ever installing on your system in the first place.

Quoted: Please, people. Get a good firewall and block your outbound ports. Prevent these little bastards from phoning home. I am shocked that so many people have no firewalls on their PCs.

Most of the time this stuff gets installed when you visit a web page or download some crap without having your machine up to date.  A firewall usually won't stop that.

Quoted: Quoted: If people would stop browsing the web on Administrator accounts they wouldn't have these problems in the first place. I always am logged in as admin.  I previously tried using an user account, but anytime I wanted to play with windows I'd have to log out and log in as admin.  Bah. If only it were so simple as su admin fred I'd do it, but Windows takes too long to log out and log back in everytime. You should run adware/spyboy S&D/whatever you like just as often as you run AV.  Check your running processes.  I found a spywaye that way, running a bogus rundll32.exe.  Also, periodically run Hijack This! and see what's new. pr0n is crawling with bugs, but at least it's free.

That's an oxymoron dude...
Sorry...but my hubby's little foray into "free" cost me down time in my online trading...that was money...and there ya go!

another helpfull program for the computer techies....   x-cleaner

Quoted: Please, people. Get a good hardware and software firewall and block your outbound ports. Prevent these little bastards from phoning home. I am shocked that so many people have no firewalls on their PCs.

Fixed it for ya!

Quoted: Sorry...but my hubby's little foray into "free" cost me down time in my online trading...that was money...and there ya go!

You did two major things wrong here -

You let your husband use your computer on your account.
You let your husband browse the web on an Administrator account.

This is what you need to do - Password protect your account so he can't use it.  Then create a new User-level account for your husband to use.  If you had done this before then you wouldn't be having these problems in the first place.

I have a buddy whose wife is incredibly destructive.  She responds to spam, clicks "Yes" to every pop-up, and gladly installs anything that any web site asks her to.  I don't think she's gone longer than two weeks without completely trashing a PC.  I used to get weekly calls from them complaining that their PC is running really slow.  They currentlly have 4 PCs that they bought in the last year sitting dead on the floor, completely unusable due to malware.  You wouldn't believe the crap she says.  "Well, I got this email from an on-line casino, so I went there and they said I had to install this program first, and after I installed it my computer has been running really slow and it won't let me hang up from the internet saying something about the modem is in use...."

I had him ship me a 4 year-old 1.2 GHz Gateway (that she had also thrashed) which I formatted and then reinstalled XP.  I set HIM up with an Administrator account, and HER with a User account.  So far she has used this PC for almost 6 months without one single piece of adware/spyware/malware being installed.  It's a New World's Record for this dumb broad.  And all I did was make her browse the web on a User account.

If you're not willing to take these simple steps, then get used to these types of problems occurring over and over and over again.  And you'll have no one to blame but yourself.

ETA -

I still haven't been able to convince this guy to go broadband and run two PCs - one for HIM and one for HER.  That way when she fucks up her system again he'll still be able to get on-line.  He needs to abide by JavaMan's Three Rules for a Successful Marriage:

Separate cars,
Separate bathrooms, and
Separate computers.

Follow these 3 simple rules and 90% or all marital problems will be eliminated.  

I'm about to buy my wife her own laptop so she can play Spider Solitare and I can have my ARFCOM back!

BigDozer66

I'm just happy to have my own closet..................
SHOES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
whoops...was that too girlie a post?

Excellent thread here.  Everyone should read it and the linked articles.

Tagged

I may not have as many shoes as my wife (I might have more though!) but my shoes take up a heck of a lot more room than hers does!

She wears a size 6-1/2 or 7 and I wear a 13EE!

BigDozer66

The company that found this trojan (Sunbelt Software) has a BLOG PAGE HERE with more info on this thing.

The more I read, the more alarmed I'm getting.  This is going to be MASSIVE.  I'm pretty sure our company's security policy is going to be changing because of this incident, and I doubt ours is going to be the only one.

Oh, and early reports are wrong on a key point -- Cool Web Search is NOT involved.  This trojan was discovered during work involving CoolWebSearch, but it appears they are not involved with this new trojan that is causing all the ruckus.

As to not letting users run as administrators to protect them:
Not feasable in our case and probably in many others.  Way too much software requires administrative rights in order to function properly, including software that most of our employees require to do their jobs.  We hate that situation, but until the makers of that software change things, we have no other alternative at this time but to give all our uses administrator rights on their machines.