Miniver
April 30th, 2004, 06:12 PM
http://wired.com/news/infostructure/0,1377,63280,00.html?tw=wn_techhead_2 (http://wired.com/news/infostructure/0,1377,63280,00.html?tw=wn_techhead_2)
Nasty Malware Fouls PCs With Porn
http://c.lygo.com/s.gifBy Michelle Delio (http://wired.com/news/feedback/mail/1,2330,0-167-63280,00.html)
http://c.lygo.com/s.gif
02:00 AM Apr. 30, 2004 PT
Last Sunday, Maria DelGiorno gave up. She unplugged her laptop PC and carefully placed it underneath a statue of the Virgin Mary.
"It was the only thing I could think of doing," said the 67-year-old great-grandmother. "The computer was filled with filthy things. It was embarrassing. My grandchildren kept asking me why I was looking at so much pornography."
On Tuesday, DelGiorno's grandson retrieved the computer and examined it. With some help from a computer-savvy friend, Joe DelGiorno discovered that a browser-hijacking program called CoolWebSearch, also known as CWS, had turned his grandmother's mild-mannered computer into a XXX-rated adventure.
"She had dozens of bookmarks for really foul porn sites," said Joe DelGiorno. "And ads for porn were popping up every few minutes. Her homepage had been switched to some weird Web page. She was all upset and crying; she's a religious woman. She shouldn't have to deal with this garbage. If I find the people who did this to her I will make them suffer."
Judging by the many postings in newsgroups (http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=coolwebsearch+&btnG=Search) and on PC help sites (http://www.spywareinfo.com/forums), plenty of people would be happy to join Joe DelGiorno in his quest to find the programmers behind CWS, the latest and most malicious of several browser hijackers that are making some Internet users miserable.
Browser hijackers are malicious small programs that change browser settings, usually altering designated default start and search pages. But CWS is far uglier than other infamous browser hijackers (http://wired.com/news/infostructure/0,1377,57467,00.html) such as Xupiter and Lop.
According to Merijn Bellekom, who has been tracking (http://www.spywareinfo.com/~merijn/cwschronicles.html) CWS and its many variants -- more than two dozen since CWS first appeared last summer -- CWS is "the most complex, invisible and devious hijacker" ever programmed.
CWS-infected computers are often plagued with a constant barrage of pornography pop-up ads. A hundred or more bookmarks, some for extremely hard-core pornography websites, are often added by CWS to Internet Explorer's Favorites folder.
Almost all versions of CWS significantly slow the performance of infected computers, and some can cause the system to freeze, crash or randomly reboot. CWS also collects and transfers personal information from the infected PC. A few versions of CWS can add websites to Internet Explorer's "trusted sites" zone, which allows those websites to install new programs on the infected PC without the computer owner's knowledge or permission. Several CWS variants are capable of automatically self-updating their programming code.
A few versions of CWS block a user's access to more than two dozen websites that offer advice on how to detect and delete spyware. Some CWS versions also disable firewall programs.
People who are familiar with computers will often check host processes information to find out what applications are running in the background on their computers. One version of CWS can be active in the system but does not appear in host processes, according to Bellekom and other sources.
Signs that one of CWS' two dozen variants is present in a computer include home and search pages that have been reset to one of the 80 or so domains (http://www.spywareinfo.com/articles/cws/) that appear to have an affiliation with CoolWebSearch.com. Any URLs that are entered without "www" will be redirected to porn, search or other sites apparently affiliated with CoolWebSearch.com.
Full Article: http://wired.com/news/infostructure/0,1377,63280,00.html?tw=wn_techhead_2
Nasty Malware Fouls PCs With Porn
http://c.lygo.com/s.gifBy Michelle Delio (http://wired.com/news/feedback/mail/1,2330,0-167-63280,00.html)
http://c.lygo.com/s.gif
02:00 AM Apr. 30, 2004 PT
Last Sunday, Maria DelGiorno gave up. She unplugged her laptop PC and carefully placed it underneath a statue of the Virgin Mary.
"It was the only thing I could think of doing," said the 67-year-old great-grandmother. "The computer was filled with filthy things. It was embarrassing. My grandchildren kept asking me why I was looking at so much pornography."
On Tuesday, DelGiorno's grandson retrieved the computer and examined it. With some help from a computer-savvy friend, Joe DelGiorno discovered that a browser-hijacking program called CoolWebSearch, also known as CWS, had turned his grandmother's mild-mannered computer into a XXX-rated adventure.
"She had dozens of bookmarks for really foul porn sites," said Joe DelGiorno. "And ads for porn were popping up every few minutes. Her homepage had been switched to some weird Web page. She was all upset and crying; she's a religious woman. She shouldn't have to deal with this garbage. If I find the people who did this to her I will make them suffer."
Judging by the many postings in newsgroups (http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=coolwebsearch+&btnG=Search) and on PC help sites (http://www.spywareinfo.com/forums), plenty of people would be happy to join Joe DelGiorno in his quest to find the programmers behind CWS, the latest and most malicious of several browser hijackers that are making some Internet users miserable.
Browser hijackers are malicious small programs that change browser settings, usually altering designated default start and search pages. But CWS is far uglier than other infamous browser hijackers (http://wired.com/news/infostructure/0,1377,57467,00.html) such as Xupiter and Lop.
According to Merijn Bellekom, who has been tracking (http://www.spywareinfo.com/~merijn/cwschronicles.html) CWS and its many variants -- more than two dozen since CWS first appeared last summer -- CWS is "the most complex, invisible and devious hijacker" ever programmed.
CWS-infected computers are often plagued with a constant barrage of pornography pop-up ads. A hundred or more bookmarks, some for extremely hard-core pornography websites, are often added by CWS to Internet Explorer's Favorites folder.
Almost all versions of CWS significantly slow the performance of infected computers, and some can cause the system to freeze, crash or randomly reboot. CWS also collects and transfers personal information from the infected PC. A few versions of CWS can add websites to Internet Explorer's "trusted sites" zone, which allows those websites to install new programs on the infected PC without the computer owner's knowledge or permission. Several CWS variants are capable of automatically self-updating their programming code.
A few versions of CWS block a user's access to more than two dozen websites that offer advice on how to detect and delete spyware. Some CWS versions also disable firewall programs.
People who are familiar with computers will often check host processes information to find out what applications are running in the background on their computers. One version of CWS can be active in the system but does not appear in host processes, according to Bellekom and other sources.
Signs that one of CWS' two dozen variants is present in a computer include home and search pages that have been reset to one of the 80 or so domains (http://www.spywareinfo.com/articles/cws/) that appear to have an affiliation with CoolWebSearch.com. Any URLs that are entered without "www" will be redirected to porn, search or other sites apparently affiliated with CoolWebSearch.com.
Full Article: http://wired.com/news/infostructure/0,1377,63280,00.html?tw=wn_techhead_2