Free Republic

There's a Reason it's Called "Spyware"
TechBlog ^ | August 06, 2005 | Dwight Silverman

Posted on 08/06/2005 3:55:42 PM PDT by anymouse

A company that develops antispyware software believes it has found a massive identity theft ring that appears to be using the evil and persistent CoolWebSearch spyware program.

Anyone who's been unfortunate enough to be infected with CoolWebSearch knows what a bear it is to remove. If Sunbelt Software is correct, while it clings to your hard drive it's sending private information to evildoers:

In some recent research into a spyware exploit, our research team has discovered a massive identity theft ring.

We also found the keylogger transcript files that are being uploaded to the servers.

This is real spyware stuff -- chat sessions, user names, passwords, bank information, etc. We have confirmed that this data is valid. Highly personal information, including even one fellow who has a penchant for pedophilia -- all logged in detail and returned to a webserver.

Sunbelt's Alex Eckelberry said the company has contacted the FBI to let them know that "we're sitting upon literally thousands of pages of stolen identities that are being used right now." The FBI responded and is on the case, he says.

He plans on making some of the transcripts public:

I will be providing more later as well as some (redacted) samples of what the files look like.

This was discovered by Patrick Jordan, a senior staff researcher here. Patrick is a veteran of spyware, and even he admits to never having seen something like this before. It's pretty staggering.

Spyware is a genuinely dangerous threat. If you know you've got it and you've delayed taking action because it will take time or seem intimidating, wait no longer. Use my guide for removing spyware to get started.

The best tool for whacking it, in my opinion, is Microsoft AntiSpyware.

There's a good tool just for removing CoolWebSearch called CWShredder, but there are so many variants that it's not 100 percent effective.


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: adware; bank; coolwebsearch; identitytheft; keylogger; spyware
Surfers beware, there be sharks in them tha'r shoals. :)
1 posted on 08/06/2005 3:55:44 PM PDT by anymouse

To: anymouse

CWS blocked all of my secure sites. A Microsoft tech at the 800 number told me what it was and how to get rid of it. It took about a half an hour with him, and then another two hours to do a complete scan with Spybot, Norton, and clean disc security before it was clean. We also notified the bank and Visa. All in all, a real pain in the a**.


2 posted on 08/06/2005 4:21:18 PM PDT by cardinal4 (Islam-Hastening the Second Coming..)

To: cardinal4
3. CoolWebSearch Information and removal instructions for the CoolWebSearch program. CoolWebSearch, removal,spyware, malware, adware, remove CoolWebSearch, detect CoolWebSearch,CWS , CoolSearcher , Cool Web... www.spywareguide.com/product_show.php?id=599 [Found on MSN Search, Google, Yahoo!]

4. CWShredder - Defeat CoolWebSearch - Download CWShredder Free ... coolwebsearch Coolwebsearch virus Coolwebsearch remover InterMute - CWShredder - remove coolwebsearch cool web search - download cwshredder free Enterprise SMB Personal SpySubtrac... www.intermute.com/spysubtract/cwshredder_download....
[Found on MSN Search, Google, Yahoo!]

5. Remove Coolwebsearch Virus
Remove coolwebsearch. As seen on CNN. Over 20 million users cant be wrong. Free scan.
Sponsored by: www.removespywareforever.com [Found on Y!SM]

Welcome to the CoolWebSearch Chronicles

I have not yet come across ANY data provided in re WHO launched/devised CWS. The CWS primarily directs "browners" to porn, and child porn.

That IP address is located in Russia, a known hotbed for the CoolWebSearch gang. The whois information says there are no websites located at that IP address, making it even more suspicious.

3 posted on 08/06/2005 5:44:30 PM PDT by Alia

To: anymouse
BTW, what sites are you hitting to come up with these spyware attachments or are they by email attachments? Next time create a Limited user. Spyware does not become a problem when it does not have permission to install. Start > Control Panel > User Accounts > Create Account > Limited.
4 posted on 08/06/2005 6:46:35 PM PDT by SIRTRIS

bump


5 posted on 08/06/2005 7:53:54 PM PDT by since1868

To: SIRTRIS; Lazamataz

Can you jot down a paragraph on the ins and outs of limited accounts, the whys and wherefores? Thanks.


6 posted on 08/06/2005 9:02:52 PM PDT by Travis McGee (--- www.EnemiesForeignAndDomestic.com ---)

To: Travis McGee

You'd go to the administrator account and create a new user. This user would have the most restrictive permissions possible, and when you boot XP, you'd log in as that user. Surf using that one.

But it shouldn't be a problem if you always decline attempts to install. Never use their buttons.... close the window using the little red x at the upper right corner.... they can lie when labeling the button, and 'cancel' might be programmed to install something. Can't happen if you use the red x.


7 posted on 08/06/2005 10:54:40 PM PDT by Lazamataz (Islam is merely Nazism without the snappy fashion sense.)

To: Travis McGee

Limited User Accounts @ http://www.pcmag.com/article2/0,1759,1683498,00.asp

Still everything has limitations & no substitution for having a well secured fence around your property. Make good use of virus protection (i.e. F-Secure), firewall protection (i.e. Zone Labs), & spyware cleaning protection (i.e. SpyBot). Life & living is a risk!! BTW, you might look at this http://www.ccleaner.com/


8 posted on 08/07/2005 7:18:37 AM PDT by SIRTRIS

To: SIRTRIS; Lazamataz

Thanks guys!


9 posted on 08/07/2005 8:16:30 AM PDT by Travis McGee (--- www.EnemiesForeignAndDomestic.com ---)

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson