
Massive spyware-based identity theft ring involving CoolWebSearch

This topic is archived.

Ian David Donating Member (1000+ posts) Sun Aug-07-05 12:21 PM
Original message
Massive spyware-based identity theft ring involving CoolWebSearch
Edited on Sun Aug-07-05 12:44 PM by IanDB1
On edit: Other sources seem to be picking up this story. Additional citations at bottom of post.


Massive spyware-based identity theft ring uncovered

8/5/2005 11:13:24 PM, by Clint Ecker

Researchers from a little-known security software company named Sunbelt Software have seemingly uncovered a criminal identity theft ring of massive proportions. According to one of their employees, Alex Eckelberry, during the course of one of their recent investigations into a particular Spyware application—rumored to be called CoolWebSearch—they've discovered that the personal information of those "infected" was being captured and uploaded to a server.

One can only speculate about why someone would do such a thing; the amount of data that could be gathered would almost certainly be daunting for even a few people to sift through and exploit. On the other hand, the researchers at Sunbelt have personally uncovered the personal information of two individuals who, combined, could be taken for well over US$350,000.

The list of stolen information includes not only bank accounts but website passwords, eBay accounts, what sort of adult images you fancy, and, supposedly, even more. The researchers initially had tried in vain to get a hold of someone who could take action on this issue but didn't get a response right away:

We have notified the FBI, but of course no response (too busy doing other more important things). We have notified a few of the parties involved...If anyone has any other ideas, send 'em to us. Right now, we're sitting upon literally thousands of pages of stolen identities that are being used right now.

Good news came today, though, that the FBI had responded and are currently working the case. We've emailed Alex and tried to see if we could get any more details about the whole thing out of him, but at the time of publication, we had not received a response. Hopefully the people who've perpetrated this massive-scale theft of personal data can be quickly caught and brought to justice due to the quick actions of Alex Eckelberry and the researcher who discovered the crime, Patrick Jordan.

More:
http://arstechnica.com/news.ars/post/20050805-5175.html



See also:


Because CoolWebSearch Wasn't Sleazy Enough...
BroadbandReports.com, NY - Aug 5, 2005
Anti-Spyware firm Sunbelt Software "stumbled upon" a massive ID theft ring that had been using a CoolWebSearch variant to dump personal info gleaned from
http://www.broadbandreports.com/shownews/66178

Anti-spyware firm warns of massive ID theft ring
NetworkWorld.com, MA - Aug 5, 2005
... research Sunbelt was doing on a spyware program belonging to a particularly dangerous class of browser hijacking tools called CoolWebSearch (CWS), according to ...
http://www.networkworld.com/news/2005/080505-id-theft.html

Spyware 'calling home' volumes soar
Register, UK - Jul 25, 2005
... The firm said malware such as CoolWebSearch, which hides on an infected client using newly developed root-kit architecture, often evades detection
http://www.theregister.co.uk/2005/07/25/spyware_screening/



<snip>

Around October 2004, many mainstream web servers, including major advertising networks, were hacked by a CoolWebSearch affiliate (apparently using security holes in old versions of PHP and/or OpenSSL via Apache). Visitors to these sites were served with exploits that installed CoolWebSearch variants along with other parasites such as BargainBuddy/BullsEye and /Cashback, BookedSpace, HuntBar/WinTools, FavoriteMan/ATPartners, Look2Me/V3, InternetOptimizer, ISTbar/XXXToolbar, /SideFind, /ActiveX and /YSB, nCase, NeoToolbar, PowerScan, SaveNow/VVSN, SearchMiracle, TIBS (dialler), TopConverting, TopMoxie/WebRebates, WildMedia/WMService and WindUpdates/WinAdTools. Previous CoolWebSearch exploits had also installed some of these, as well as Tubby and OnlineDialer/Ole, zombie botnet clients and even internet banking password-stealing trojans.

Other parasites related to CoolWebSearch and often considered part of the same family include Winshow, SuperSpider, SCAgent, SRE and FreshBar.

http://www.doxdesk.com/parasite/CoolWebSearch.html


cleofus1 Donating Member (1000+ posts) Sun Aug-07-05 12:54 PM
Response to Original message
1. ok i'll bite
so how do you detect and rid yourself of these demons?

Ian David Donating Member (1000+ posts) Sun Aug-07-05 01:02 PM
Response to Reply #1
2. I have no idea. I think it may involve buying anti-spyware software. n/t

charlie Donating Member (1000+ posts) Sun Aug-07-05 01:18 PM
Response to Reply #1
3. CWShredder

LiberalUprising Donating Member (1000+ posts) Sun Aug-07-05 07:59 PM
Response to Reply #3
4. CWShredder
it's a free download and takes only seconds to run.

Spock_is_Skeptical Donating Member (1000+ posts) Sun Aug-07-05 10:05 PM
Response to Original message
5. ugh, I hate that... always run anti-spyware progs
like AdAware to get rid of them... Doesn't surprise me in the least to hear this.

I_Make_Mistakes Donating Member (1000+ posts) Mon Aug-08-05 12:42 AM
Response to Reply #5
6. I had coolweb
and I swear it was loaded on my Logitech mouse software.

Spock_is_Skeptical Donating Member (1000+ posts) Mon Aug-08-05 12:55 AM
Response to Reply #6
7. you know what.... that does ring a bell, I could swear
mine came with that crap as well... but it was a few years ago, it's long ago been cleaned out. I do recall some persistent garbage that came with the Logitech mouse, it may very well have been coolweb.

lpbk2713 Donating Member (1000+ posts) Mon Aug-08-05 01:36 PM
Response to Reply #7
9. I had a Logitech optical scroll mouse that had
an option to click "Do you want an E-Bay Tool Bar?" as part of the setup. It came with a dot already in the radio button. I unclicked it and never have had any trouble. Watch out for stuff like this when you install any software.

ezod Donating Member (52 posts) Mon Aug-08-05 09:31 AM
Response to Original message
8. Sunbelt Counterspy
is a killer anti-spy app. Highly recommended by PC World recently. I tried it and Counterspy found a couple things that neither Spybot, Adaware, or Spy Sweeper found. It's cheaper than Spy Sweeper too:

http://www.sunbelt-software.com/

I had my browser hijacked once upon an insecure time, and have been a bit fanatical about running anti-spy apps ever since...thus the multiple sweepers.