North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Spyware becomes increasingly malicious

  • From: Brian Battle
  • Date: Tue Jul 13 01:30:06 2004

William Warren wrote:

>not all the variants are that easy..how about doing a google on 
>coolwebsearch..scumware.com has a good writeup as well as 
>spywareinfo.com...the newer variants are not that easy....

I second that.  The version I saw required a third party
registry editor and booting up into the recovery console
from an XP cd (safe mode didn't cut it) just to remove
a hidden dll.  Had it not been for the forums out there
at http://forums.spywareinfo.com and the cwsshredder, 
which got most, but not all, of the cruft installed by 
this piece of bastard software, my grandmother's computer
would still be popping up those tens of pages of garbage
randomly.

The authors of these coolwebsearch variants are extremely
intelligent programmers with far more understanding of
the bowels of the windows platform than your average
script kiddies.  If you get hit with the version I saw,
it's no 10 minute piece of cake.

What I don't understand is how exploiting bugs in a 
program (internet explorer) to install software without
the consent or even acknowledgement from the owner/user
is legal behavior.  To me, it's just like someone abusing
a bug in bind, and installing a rootkit, which last time
I checked, could end up getting someone in legal troubles.

For another hastily-thought-out analogy, it's like someone
breaking into your house and reprogramming your cable box
to keep changing the channel to the home shopping club
every 30 seconds.

-Brian