CoolWebSearch, Dubbed Adware's "Ebola," Tops Spyware Threat List
Posted on 03/30/2005 9:34:51 PM PST by Eagle9
CoolWebSearch, adware that generates more than $300 million a year for its maker, is the "Ebola" of adware, and easily the most significant spyware threat on the Internet, an anti-spyware security firm said Wednesday.
CoolWebSearch, which comes in multiple forms, can hijack Web search errors, usurp the browser's home page, and modify other Internet Explorer settings. Recent variants have taken to exploiting vulnerabilities in IE, such as those in the HTML Help system, to install on PCs.
"Its only purpose is to get on a PC, and stay on that PC, even at the cost of killing that machine," said Richard Stiennon, the vice president of threat research for Boulder, Colo.-based Webroot, which publishes the Spy Sweeper line of anti-spyware software.
According to Webroot, nearly half of the PCs it's audited for spyware or adware are infected with CoolWebSearch.
"It's the Ebola of the Internet," said Stiennon. "It's so malicious that it tends to break the ability of a machine to browse effectively, and therefore limits the number of ads and click-throughs that can be generated. Like Ebola, it kills its host before it can be productive."
Webroot's newest Top 10 list -- it releases a list of the ten most significant spyware/adware threats every quarter -- is based on the free spyware audits it conducts from its own Web site, and those it runs in cooperation with EarthLink, the Atlanta-based ISP.
"We rank programs on both prevalence and perniciousness," said Stiennon.
Second on Webroot's list is Gator/GAIN, adware that may display banner ads based on Web surfing habits. Gator is a long-time adware package that often gets on systems because it's bundled with free software, most notably the P2P file-sharing program Kazaa. By the SpyAudit scanning results, Gator/GAIN is on about 15 percent of all machines.
"If we take the leap and assume that the sample is representative of the Internet in total, we can estimate how many machines have Gator," said Stiennon. His best guess: 38.4 million PCs. Others on Webroot's list include (in descending order), 180search Assistant, ISTbar/Aupdate, Transponder, Internet Optimizer, BlazeFind, Hot as Hell, Advanced Keylogger, and TIBS Dialer. Most are adware in composition -- not that that means they're benign; they typically hijack search errors and re-direct them to another site, and/or blitz the PC with endless popups -- but some are true spyware.
"We're finding keyloggers on about 15 percent of the machines audited," said Stiennon, "and Advanced Keylogger is the most prevalent right now. It's on relatively few machines -- about 9,000 that we've found -- but a keylogger on that many PCs is a scary concept in and of itself.
"Spyware writers are continuing to innovate and find new, more deviant ways to infiltrate systems," said Stiennon. "The increased presence of hijackers, dialers, and keyloggers demonstrates that the new trend for these threats is to go straight for the jugular."
Spyware/adware writers are doing that for one reason: money.
Stiennon, who has analyzed the spyware/adware economy, has come up with an average cash flow per "customer installation" per year of $2.40. For each system infected, then, he estimates that the adware author generates $2.40 annually in pop-up fees, redirect fees, and other charges.
His cash-flow projection for the creator of CoolWebSearch -- which using his formula may be on more than 127 million machines worldwide -- is thus $306 million. The company behind Gator/GAIN -- the Redwood City, Calif.-based Claria -- is bringing in around $92 million a year, while 180search Assistant is raking in $86 million.
"These guys make spammers look like two-bit back alley operations," said Stiennon. "No wonder there's a gold rush to get in on this."
And no wonder some adware firms are pushing anti-spyware vendors to "de-list" them from their detection and deletion scanners.
The most recent such move was by Computer Associates, which sells the PestPatrol anti-spyware line after acquiring the company in 2004. Last week, CA removed all Claria products -- including Gator/GAIN -- from its database under its Vendor Appeal program.
CA has been criticized in the past for de-listing software other anti-spyware vendors continue to list as malicious, and even Microsoft has backed down in at least one instance.
"One reason Webroot publishes the Top 10 list," said Stiennon, "is to help provide an idea of the scope of the whole spyware and adware issue, so that going forward, as the discussion of adware heats up and definition battles with the vendors begin, people will have some basic information about the extent of the problem."
Firefox gives a better browsing experience and is less vulnerable.
I also use Spybot Search and Destroy both at home and on our office computers - about 30 of them. It has some very good advanced features such as locking the hosts file and a very nice interface to examine and manipulate startup settings - takes a while to get familiar with everything, but it's worth it. Having said that, I think there is still room in the marketplace for a commercial anti-spyware product that would be easier for the average user to understand and configure. hmmmm...
CWShredder is a magnificent program but, much like real life viruses, the spyware 'diseases' are constantly evolving. This is not something that you can run and expect that your machine will be clear forever. On all the adware/spyware removal tools, you have to download new additions constantly and also take steps to secure your system as well.
[I once spent 3 days getting CoolWebSearch off of my wife's machine because NONE of the tools at the time would do the trick. I won in the end, though!]
Browser Wars, take two
various FR links | 12-22-04 | The Heavy Equipment Guy
...and let your compiler of links drop out of Lurk & Link mode for comment and advice:
Ditch IE. Honest to God, almost anything else will give you fewer problems. Try and compare- use IE, then run Ad-Aware and Spybot Search & Destroy... then try another browser and repeat. You will be stunned at the garbage IE attracts.
Keep your OS updated & patched.
Run a hardware firewall-- with today's LANs, it's easy. You need a hardware firewall.
Thanks for the post. This makes it really convenient.
Thanks for looking.
thanks for the link to spyware blaster -- I'm also switching my browser to firefox
We ought to send an invoice to Bill Gates for all the time that his lousy security and insane design choices cost us.
CWShredder is useful, but the best way to get rid of CoolWebSearch variants is to salvage your data, format your hard drive and do a complete reinstall of OS and applications, a major pain in the a$$. Then install netscape or firefox and use IE only for updating windows. Or better still, buy a Mac or install Linux/OpenBSD/etc.
MS software is like a useful tool with fish hooks and razor blades glued all over the handle. If you reach in there just right, grip it hard, and are VERY careful how you use it, you can get your work done. But one slip...blood all over the place.
I got a variant of CWS that behaved nasty as well. It put a key in the registry that was delete protected. Nothing could touch it but manual intervention.
How did you get rid of it....editing the registry?
I can't get a Mac. I don't wear berets, smoke clove cigarettes, quote Sartre, or reject the triune God.
I got the bad boy last year, and nothing got rid of it but a FORMAT C:\ - and don't think THAT wasn't scary to type!
I have a buddy that does business over the internet. He saves everything important to disks and only keeps the operating system on the computer.
He has all the spyware stuff but just re-formats the hard drive and re-installs the OS if he gets a problem he can't deal with.
Think I am going to do this as well and keep another computer for games and stuff and never put it on the net.
Makes some sense.
See my post #53
Does this man look like he fits any of those "requirements?" He's a Mac user. Obviously he knows quite a bit that you don't.
That's a ridiculous amount of work.
Keep your antivirus software ON and UPDATED at all times. Keep your firewall on at all times. Don't use Napster, Kazaa, BearShare, or other file-sharing programs. Run AdAware and SpyBot religiously.
Believe me, doing all that takes me maybe five minutes a day. Sifting through CDs to find a file wouldn't be worth the hassle.
The Mac users I know demonstrate daily that those are the requirements.
Format is always a reliable solution and the last resort, but lazy people like me will take more effort looking for tools rather than wasting hours for formatting, taking backups, and reinstalling Windows. :)
You are probably right. This is only for the things you can't get rid of. It is an emergency, once in a blue moon solution.
I'm a diehard Mac user, and I demonstrate none of those properties. However, I know far too many PC users (former coworkers) who meet those requirements.
Perhaps the problem isn't the Mac, it's just the quality of people you know... :)