We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
worth reading(spyware)
Options
deary65
Posts: 818 Forumite
in Techie Stuff
taken from anoher forum:
Spyware note
Monday, August 8, 2005 at 10:56 pm
Posted by Mega (232 messages posted)
For those who don't worry about spyware.. and the ones that do know what it can do.. Thought you might find this informative.
I know many people have asked how to get rid of "CoolWebSearch", now it is more than just pop-ups and browser hijacking.
Ryan Naraine - eWEEK Mon Aug 8,10:43
Spyware researchers picking apart one of the more notorious spyware programs have stumbled upon what appears to be a massive identity theft ring hijacking confidential data from millions of infected computers.
Sunbelt Software Inc., makers of the enterprise-grade CounterSpy spyware protection product, made the discovery during an audit of "CoolWebSearch," a program that routinely hijacks Web searchers, browser home pages and other Internet Explorer settings.
During the research, Sunbelt researcher Patrick Jordan deliberately installed the "CoolWebSearch application on a machine and immediately noticed that the infected system became a spam zombie that was placing callbacks to a remote server.
When Jordan visited the remote server, he was shocked to find that it was being used to distribute sensitive personal information from millions of PC users infected by the spyware application.
"We found the keylogger transcript files that are being uploaded to the servers. We're talking real spyware stuff…chat sessions, usernames, passwords, bank account information, full names, addresses," said Sunbelt president Alex Eckelberry.
In an interview with Ziff Davis Internet News, Eckelberry said the sophistication of the operation suggests it's the work of a "massive identity theft ring" that used keystroke loggers to grab confidential information that could be used to create fake online identities.
"I'm not being dramatic. This is the most repulsive thing I've ever seen. It's very painful to see what's in these log files that are being uploaded in real time. We're seeing a lot of bank information and usernames and passwords to get in," Eckelberry said.
He said the log files included logins to one business bank account with more than $350,000 and another small company in California with over $11,000, readily accessible.
"There are lots of eBay account information and names and addresses of the people owning those accounts. Names, passwords, all matched up," Eckelberry added.
He said the server, which is hosted out of a data center in Texas, was effectively a "massive repository of stolen data" that was being replenished in real time.
"As the [log] file gets to a certain size, it gets taken down and a new file starts generating. This goes on nonstop. We've been watching it for a few days while trying to get to the FBI, and it just keeps growing and growing."
While the site is being hosted in the United States, Eckelberry said the domain name is registered to an offshore company.
Eckelberry said the huge size of the log files is a clear indication that thousands of machines are pinging back daily.
In some cases, where users appeared to be at immediate risk of losing a considerable amount of money, Sunbelt has contacted the affected individuals.
Eckelberry said the "CoolWebSearch" payload included a typical adware download that immediately scanned the infected machine for e-mails to use for spam runs. It then sets up a "very intelligent keylogger" that looks for very specific information.
"This won't get caught by a typical anti-spyware application," he said, noting that the keystroke logger was able to pick up identity-related data for delivery to the remote server.
Spyware note
Monday, August 8, 2005 at 10:56 pm
Posted by Mega (232 messages posted)
For those who don't worry about spyware.. and the ones that do know what it can do.. Thought you might find this informative.
I know many people have asked how to get rid of "CoolWebSearch", now it is more than just pop-ups and browser hijacking.
Ryan Naraine - eWEEK Mon Aug 8,10:43
Spyware researchers picking apart one of the more notorious spyware programs have stumbled upon what appears to be a massive identity theft ring hijacking confidential data from millions of infected computers.
Sunbelt Software Inc., makers of the enterprise-grade CounterSpy spyware protection product, made the discovery during an audit of "CoolWebSearch," a program that routinely hijacks Web searchers, browser home pages and other Internet Explorer settings.
During the research, Sunbelt researcher Patrick Jordan deliberately installed the "CoolWebSearch application on a machine and immediately noticed that the infected system became a spam zombie that was placing callbacks to a remote server.
When Jordan visited the remote server, he was shocked to find that it was being used to distribute sensitive personal information from millions of PC users infected by the spyware application.
"We found the keylogger transcript files that are being uploaded to the servers. We're talking real spyware stuff…chat sessions, usernames, passwords, bank account information, full names, addresses," said Sunbelt president Alex Eckelberry.
In an interview with Ziff Davis Internet News, Eckelberry said the sophistication of the operation suggests it's the work of a "massive identity theft ring" that used keystroke loggers to grab confidential information that could be used to create fake online identities.
"I'm not being dramatic. This is the most repulsive thing I've ever seen. It's very painful to see what's in these log files that are being uploaded in real time. We're seeing a lot of bank information and usernames and passwords to get in," Eckelberry said.
He said the log files included logins to one business bank account with more than $350,000 and another small company in California with over $11,000, readily accessible.
"There are lots of eBay account information and names and addresses of the people owning those accounts. Names, passwords, all matched up," Eckelberry added.
He said the server, which is hosted out of a data center in Texas, was effectively a "massive repository of stolen data" that was being replenished in real time.
"As the [log] file gets to a certain size, it gets taken down and a new file starts generating. This goes on nonstop. We've been watching it for a few days while trying to get to the FBI, and it just keeps growing and growing."
While the site is being hosted in the United States, Eckelberry said the domain name is registered to an offshore company.
Eckelberry said the huge size of the log files is a clear indication that thousands of machines are pinging back daily.
In some cases, where users appeared to be at immediate risk of losing a considerable amount of money, Sunbelt has contacted the affected individuals.
Eckelberry said the "CoolWebSearch" payload included a typical adware download that immediately scanned the infected machine for e-mails to use for spam runs. It then sets up a "very intelligent keylogger" that looks for very specific information.
"This won't get caught by a typical anti-spyware application," he said, noting that the keystroke logger was able to pick up identity-related data for delivery to the remote server.
Any posts by myself are my opinion ONLY. They should never be taken as correct or factual without confirmation from a legal professional. All information is given without prejudice or liability.
0
Comments
-
which forum ??
Coolwebsearch has been around for ages....and all my adware packages remove it ??Ex forum ambassador
Long term forum member0 -
Any posts by myself are my opinion ONLY. They should never be taken as correct or factual without confirmation from a legal professional. All information is given without prejudice or liability.0
-
take it back...just google news it and it comes up everywhere....Ex forum ambassador
Long term forum member0 -
Sounds like a trojan horse. These things usaully target people with broadband and a firewall should stop it sending any information back to the hacker. This is why a firewall is important with broadband.0
-
It can be quite tricky to remove as it has blacklists of antispyware software and tools. CWSShredder (might be spelt with one S) is the best tool to get rid of it.Hug provider for depression thread :grouphug:
"I'm not crazy, I'm just a little unwell.." - Unwell by Matchbox Twenty0 -
I feel sorry for all those people who think Windows Xp firewall is enough....it only blocks incoming traffic
might be worth pointing out to anyone worried about this that there is a "sticky" thread in this section linking to articles about installing firewalls, antivirus and anti- spyware, link below
http://forums.moneysavingexpert.com/showthread.html?t=3356Ex forum ambassador
Long term forum member0 -
blinky wrote:It can be quite tricky to remove as it has blacklists of antispyware software and tools. CWSShredder (might be spelt with one S) is the best tool to get rid of it.
CWShredder has moved (again) and is now run by Trend:
http://www.trendmicro.com/cwshredder/
It's tiny and doesn't need installing so it's well worth a quick scan.
Trend now also have an online spyware scanner:
http://uk.trendmicro-europe.com/smb/products/spyware_scan.php0 -
Here is the link to the keylogger:
http://forums.tomcoyote.org/index.php?act=announce&f=89&id=5Any posts by myself are my opinion ONLY. They should never be taken as correct or factual without confirmation from a legal professional. All information is given without prejudice or liability.0 -
if anyone wants to check for that line of text in their registry then they need to download Hijack this
http://www.majorgeeks.com/download3155.html
and thanks to deary65 for that info
...the forum he has posted will also help remove it if you find it Ex forum ambassador
Long term forum member0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.9K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.9K Work, Benefits & Business
- 598.7K Mortgages, Homes & Bills
- 176.9K Life & Family
- 257.2K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards