[thelist] browser hijacking
Maximillian Schwanekamp
lists at neptunewebworks.com
Wed Jan 19 23:52:20 CST 2005
Mark Joslyn wrote:
> The other spyware programs are all over the place telling me that I have
> CoolSearchWWW and PeopleonPages, various registry entries, tracking cookies,
> etc.
I did not notice it posted to this thread, so if only for the benefit of
future Googlers I thought I might mention a superb article about CWS on
the venerable DoxDesk:
http://www.doxdesk.com/parasite/CoolWebSearch.html
<blockquote cite="http://www.doxdesk.com/">
But as usual, CoolWebSearch takes the biscuit. The thing about CWS is
that it’s not just one hijacker, but a network of competing affiliates.
Quite commonly once a CWS affiliate has exploited an IE security hole,
the first thing the installed software will do is remove another
affiliate’s known trojan filenames, drop zero-byte hidden locked files
with known trojan names to ‘inoculate’ against a competitor, or put a
bunch of a competitor’s domain names in the Hosts file with the wrong
address, to block access to them.
</blockquote>
--
Maximillian Von Schwanekamp
Dynamic Websites and E-Commerce
NeptuneWebworks.com <http://www.neptunewebworks.com/>
voice: 541-302-1438
fax: 208-730-6504
More information about the thelist
mailing list