North American Network Operators Group

RE: Spyware becomes increasingly malicious
This appears to have been dealt with at the browser level in
MS Security Bulletin MS03-011.

I have a hard time blaming MS for everything since in most cases of
these things they do react. How do they force the users to update?
Could they implement a switch that says "no update, no working
browser"? At least for IE? Scob was dealt with via the hammer, this
could be too.

There's 39 variants at the moment:

http://www.spywareinfo.com/~merijn/cwschronicles.html

The difficulty in cleaning is due to the variants:

http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder

Disclaimer: That site "looks/feels" credible, but I did just a little
correlation. Thanks.

ARIN: The IP number for their website is allocated to cogent, but not SWIP'd.

Apparent last mile:

16  p6-0.core01.jfk02.atlas.cogentco.com (66.28.4.82)  107.092 ms  104.713 ms  107.080 ms
17  p5-0.core01.jfk01.atlas.cogentco.com (66.28.4.9)  108.177 ms  108.023 ms  109.115 ms
18  g49.ba01.b001362-1.jfk01.atlas.cogentco.com (66.28.66.42)  106.147 ms  105.769 ms  109.537 ms
19  HyperSpace_Communications.demarc.cogentco.com (66.250.5.30)  110.872 ms  108.745 ms  106.978 ms
20  66.250.74.150 (66.250.74.150)  107.939 ms  108.364 ms  104.599 ms

Apparent Registration:

domain:       coolwebsearch.com
status:       production
organization: InterWeb Solutions Inc
owner:        InterWeb Solutions Inc
email:        [email protected]
address:      P.O. Box 362
address:      Road Town
city:         Tortola
postal-code:  65113
country:      IO
admin-c:      [email protected]#0
tech-c:       [email protected]#0
billing-c:    [email protected]#0
nserver:      ns1.maximumhost.com
nserver:      ns2.rosexxxgarden.com
registrar:    JORE-1
created:      2001-06-01 04:51:34 UTC JORE-1
modified:     2004-03-17 14:59:02 UTC JORE-1
expires:      2007-05-31 22:51:23 UTC
source:       joker.com

-M

--
Martin Hannigan                  (c) 617-388-2663
VeriSign, Inc.                   (w) 703-948-7018
Network Engineer IV              Operations & Infrastructure
[email protected]

coolwebsearch:

> -----Original Message-----
> From: [email protected] [mailto:[email protected]]On Behalf Of
> Paul Vixie
> Sent: Monday, July 12, 2004 12:19 PM
> To: [email protected]
> Subject: Re: Spyware becomes increasingly malicious
>
>
> somebody, probably sean, mentioned scaling earlier in this thread.
>
> > >> coolwebsearch has become more and more sneaky.. so bad that
> > >> development of cws shredder has been abandoned by its developer..
> ...
> > > the first time only about 3 days ago and I got rid of it in 10 minutes!
> > > I can see how it would be a problem for a newbie but it shouldn't be
> > > anything more than 10 minutes work for anyone here with Windows
> > > experience.
> ...
> > There are dozen of variants, obviously you've seen only one.
>
> so, this bit of spyware (which was resistant to ad-aware as of last week,
> though ad-aware seems to publish a new definition file every day now)
> relies on a web site, and that web site relies on the spyware for its
> traffic and eyeballs, and the spyware and website are
> owned/operated/"published" by the same company. the website does not
> move around, it's at a fixed location.
>
> the scaling issue, please:
>
> "why does that company still have an internet connection?"
>
> or, to put it less mildly:
>
> "why does that company's provider still have an upstream?"
>
> or, to put it in terms you can all understand:
>
> "why does that provider's upstream still have bgp peers?"
>
> if you give people the means to hurt you, and they do it, and you take no
> action except to continue giving them the means to hurt you, and they
> take no action except to keep hurting you, then one of the ways you can
> describe the situation is "it isn't scaling well."
> --
> Paul Vixie