
Massive ID Theft Ring Uncovered (CoolWebSearch spyware)

 
Bush_Eats_Beef Mon Aug-08-05 03:04 PM
Original message
Massive ID Theft Ring Uncovered (CoolWebSearch spyware)
Massive ID Theft Ring Uncovered

Officials at Sunbelt Software say well-known spyware is being used to steal info.

Jaikumar Vijayan, Computerworld
Monday, August 08, 2005

http://www.pcworld.com/news/article/0,aid,122149,00.asp

Officials at Sunbelt Software, a Clearwater, Florida-based vendor of anti-spyware tools, say the company stumbled upon a massive ID theft ring that is using a well-known spyware program to break into and systematically steal confidential information from an unknown number of computers worldwide.

The operation was discovered last week during research Sunbelt was doing on a spyware program belonging to a particularly dangerous class of browser hijacking tools called CoolWebSearch (CWS), according to Sunbelt's president, Alex Eckelberry.

CWS programs are extremely hard to detect and remove, and are used to redirect users to Web sites that use spyware tools to collect a variety of information from infected computers. The CWS variant being researched by Sunbelt turned infected systems into spam zombies and uploaded a wide variety of personal information to a remote server apparently located in the U.S. That server holds a "treasure trove of information" for ID thieves, Eckelberry says.

Sunbelt's research showed that the information being uploaded to the remote server included chat sessions, user names, passwords and bank information, he says. The bank information included details on one company bank account with more than $350,000 in deposits and another belonging to a small California company with over $11,000 in readily accessible cash, he says.
Trillo Mon Aug-08-05 03:51 PM
Response to Original message
1. AOL recently took some copyrights away from users
of instant messenger, allowing them to legally republish private chat sessions elsewhere.

FCC Issues Rule Allowing FBI to Dictate Wiretap-Friendly Design for Internet Services
http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=104x4278833
So now the government is requiring ISPs to place security "holes" in the services so many of us use.

While it may be at best peripherally related, here's an article with a typical misleading title; it would have been more accurate to call it "Companies use Technical Analysis on Citizens", but that wouldn't have been popular:
http://www.usatoday.com/tech/news/2005-08-07-companies-tech-analysis_x.htm

It appears the corporatists are forcing citizens to be insecure and 100% transparent, while they themselves hide.
 
Gman Mon Aug-08-05 06:10 PM
Response to Original message
2. Another reason to never use Internet Explorer
Use Firefox and you won't have these problems.
 
WhiteTara Mon Aug-08-05 10:51 PM
Response to Reply #2
4. I like Opera better eom
 
KTM Mon Aug-08-05 07:21 PM
Response to Original message
3. Remedy easily available, free:
Edited on Mon Aug-08-05 07:22 PM by KTM
CWShredder is a program that has been developed and maintained by a student from the Netherlands for years - you can read about its history (and get an idea how evil CoolWebSearch is) HERE.

CoolWebSearch is notorious for being impossible to detect and remove - most anti-spyware programs will miss it. I've fixed hundreds of PCs infected with spyware and adware, and used most of the trusted tools - Spybot, AdAware, SpySweeper, etc. CoolWebSearch is known for their frequent updates and specific design to evade these tools. Merijn's CWShredder ONLY targets CoolWebSearch variants.

Their crap got worse and worse, and with school to deal with, Merijn couldn't keep up. The program was taken over by InterMute, who have since been absorbed by TrendMicro. The program, however, is still free, still (relatively) frequently updated, and still the most effective tool to cleanse your system of this crap.

(Yes, Mozilla/Firefox/Thunderbird are the way to go.. but that doesn't help someone who is already infected. For them... cleanse your PC - run this, run AdAware or one of the trusted tools above, make sure your AntiVirus is up-to-date and do a full system scan.. or backup files and reload... and then switch to Firefox/Thunderbird immediately.)
 
arikara Mon Aug-08-05 11:51 PM
Response to Reply #3
5. Thanks for the tip
:)

I just ran it and was infected with 3 versions of CoolWebSearch.

 
martymar64 Mon Aug-08-05 11:54 PM
Response to Original message
6. Thankfully I just bought an eMac
No more PCs for me.