Results 1 to 17 of 17
  1. #1
    Roll Tide mobilebadboy's Avatar
    Join Date
    January 18th, 2005
    Location
    Mobile, Alabama
    Posts
    1,220
    CoolWebSearch, Dubbed Adware's "Ebola," Tops Spyware Threat List
    CoolWebSearch, adware that generates more than $300 million a year for its maker, is the "Ebola" of adware, and easily the most significant spyware threat on the Internet, an anti-spyware security firm said Wednesday.

    CoolWebSearch, which comes in multiple forms, can hijack Web search errors, usurp the browser's home page, and modify other Internet Explorer settings. Recent variants have taken to exploiting vulnerabilities in IE, such as those in the HTML Help system, to install on PCs.

    "It's only purpose is to get on a PC, and stay on that PC, even at the cost of killing that machine," said Richard Stiennon, the vice president of threat research for Boulder, Colo.-based Webroot, which publishes the Spy Sweeper line of anti-spyware software.

    According to Webroot, nearly half of the PCs it's audited for spyware or adware are infected with CoolWebSearch.

    "It's the Ebola of the Internet," said Stiennon. "It's so malicious that it tends to break the ability of a machine to browse effectively, and therefore limits the number of ads and click-throughs that can be generated. Like Ebola, it kills its host before it can be productive."

    Webroot's newest Top 10 list -- it releases a list of the ten most significant spyware/adware threats every quarter -- is based on the free spyware audits it conducts from its own Web site, and those it runs in cooperation with EarthLink, the Atlanta-based ISP.

    "We rank programs on both prevalence and perniciousness," said Stiennon.

    Second on Webroot's list is Gator/GAIN, adware that may display banners ads based on Web surfing habits. Gator is a long-time adware package that often gets on systems because it's bundled with free software, most notably the P2P file-sharing program Kazaa. By the SpyAudit scanning results, Gator/GAIN is on about 15 percent of all machines.

    "If we take the leap and assume that the sample is representative of the Internet in total, we can estimate how many machines have Gator," said Stiennon. His best guess: 38.4 million PCs. Others on Webroot's list include (in descending order), 180search Assistant, ISTbar/Aupdate, Transponder, Internet Optimizer, BlazeFind, Hot as Hell, Advance Keylogger, and TIBS Dialer. Most are adware in composition -- not that that means they're benign; they typically hijack search errors and re-direct them to another site, and/or blitz the PC with endless popups -- but some are true spyware.

    "We're finding keyloggers on about 15 percent of the machines audited," said Stiennon, "and Advanced Keylogger is the most prevalent right now. It's on relatively few machines -- about 9,000 that we've found -- but a keylogger on that many PCs is a scary concept in and of itself.

    "Spyware writers are continuing to innovate and find new, more deviant ways to infiltrate systems," said Stiennon. "The increased presence of hijackers, dialers, and keyloggers demonstrates that the new trend for these threats is to go straight for the jugular."

    Spyware/adware writers are doing that for one reason: money.

    Stiennon, who has analyzed the spyware/adware economy, has come up an average cash flow per "customer installation" per year of $2.40. For each system infected, then, he estimates that the adware author generates $2.40 annually in pop-up fees, redirect fees, and other charges.

    His cash-flow projection for the creator of CoolWebSearch -- which using his formula may be on more than 127 million machines worldwide -- is thus $306 million. The company behind Gator/GAIN -- the Redwood City, Calif.-based Claria -- is bringing in around $92 million a year, while 180search Assistant is raking in $86 million.

    "These guys make spammers look like two-bit back alley operations," said Stiennon. "No wonder there's a gold rush to get in on this."

    And no wonder some adware firms are pushing anti-spyware vendors to "de-list" them from their detection and deletion scanners.

    The most recent such move was by Computer Associates, which sells the PestPatrol anti-spyware line after acquiring the company in 2004. Last week, CA removed all Claria products -- including Gator/GAIN -- from its database under its Vendor Appeal program.

    CA has been criticized in the past for de-listing software other anti-spyware vendors continue to list as malicious, and even Microsoft has backed down in at least one instance.

    "One reason Webroot publishes the Top 10 list," said Stiennon, "is to help provide an idea of the scope of the whole spyware and adware issue, so that going forward, as the discussion of adware heats up and definition battles with the vendors begin, people will have some basic information about the extent of the problem."


    Source: TechWeb

    Shawn Kerr (.com) | Disney World | SEC Football

  2. #2
    Full Member Verbalkent's Avatar
    Join Date
    January 18th, 2005
    Posts
    277
    Now that is a monster., and its totally purposeless (if thats a word). All that trouble and no payload. reminds me of irc and all of there script kiddies, throwing slurs and executing scripts for no real advantage except for thoroughly ticking ppl off. wheres mr t when u need him?

  3. #3
    Newbie
    Join Date
    March 18th, 2005
    Location
    New England, USA
    Posts
    26
    What they say is true. I have had to clean it off of many computers and it will bury itself in the registry keys. So much so that many end up reformating because putting your system back to a time when there was no adware is impossible because of the changes in the registry keys. But it isn't only the p2p programs that bundle these. My 11 yr. old went to a child friendly site and they did a silent download past the firewalls and everything. It actually turned off the firewall without her knowing. That is why scans are so important on your computer. Sometimes turning off your pc does more damage because when you restart it that is when these programs put themselves into your registry. If they are buried in any hidden files most anti spyware programs can find it but can't remove it. Some people don't realize that their privacy programs and firewalls and yes even virus scans have been turned off or disabled. A lot of times people's computers crash to the point of no return. These parasites kill the hard drives so that a computer repair person can't recover the original information on the computer and / or can't get it to stay on long enough to fix the problem even if it is off line.

    Sorry about the tangent but this is a huge problem that I deal with on a daily basis.

    Dreamie

  4. #4
    ABW Veteran Mr. Sal's Avatar
    Join Date
    January 18th, 2005
    Posts
    6,795
    and those it runs in cooperation with EarthLink,
    I just read this thread.

    I'm on my way to CJ to DROP EarthLink, those MF.

  5. #5
    Newbie
    Join Date
    January 18th, 2005
    Posts
    20
    "The most recent such move was by Computer Associates, which sells the PestPatrol anti-spyware line after acquiring the company in 2004. Last week, CA removed all Claria products -- including Gator/GAIN -- from its database under its Vendor Appeal program. "

    I'm using P-Patrol on my machine now,,but they are'nt getting any more money from me.........

  6. #6
    I like traffic lights
    Join Date
    January 18th, 2005
    Location
    Southern hemisphere - away from Fukushima
    Posts
    2,936
    >Sorry about the tangent but this is a huge problem that I deal with on a daily
    >basis.

    When are you going to start doing your clients a favour and selling them Mac mini's?

  7. #7
    ABW Veteran Mr. Sal's Avatar
    Join Date
    January 18th, 2005
    Posts
    6,795
    I'm on my way to CJ to DROP EarthLink, those MF.
    Done

    I did my job, now I need to know about others.

    While I won't stop everything I am doing just to go search for every single merchant that I have on CJ for parasitic association, I will definitely deal with any merchant that I find on any ABW post that say that such merchant is up to no good.

    Sal.

  8. #8
    Newbie
    Join Date
    March 18th, 2005
    Location
    New England, USA
    Posts
    26
    I just might start but they love paying me to repair it by doing it over and over again. I tell them what to avoid and sell them the software they need to get rid of small cases of it. I teach them how to clean all their cookies, temp files, and so on but sigh.... they forget to run the programs and clean out the folders before they log off. So I keep replacing their hard drives and / or write zeros to it. After I save what data I can. But I learned how to do this all on my own and have found a nice little way of making money from home.

    So if they don't want to listen to good sound advice what should I do?
    At this point I figure they like paying me a few hundred bucks each time they do silly things like actually downloading the same things again and returning to the same sites they got silent downloads from.

    I wouldn't personaly market these things but many do and the average person likes what they see and don't think about the dangers of what they are downloading. A lot of times they see these offers on very well known sites that supposedly have a good reputation and are suppose to be safe. Who would suspect sites that claim to be kid friendly? So if you do market these things and or sites you have to live with your consious. I do what I can by teaching people how to avoid these things and how to get rid of them once they get them, if they haven't let it get to the point of barely being able to keep the computer turned on. And YES they do bog down the system that badly.

    I am new to this affiliate marketing and I hear everyone talking about parasites stealing their commisions but what about the parent who has saved for a year to buy a computer for the family and it is destroyed by spyware and adware. Those are usualy the ones I give a break to and they listen about the dangers of doing free downloads and cleaning their folders out before turning off the computer.

    Sorry I went on my tangent again. (lol) But I had one such parent today.

    Dreamie

  9. #9
    Newbie
    Join Date
    March 18th, 2005
    Location
    New England, USA
    Posts
    26
    Mr. Sal thank you for looking out for your consumers
    Dreamie

  10. #10
    Newbie
    Join Date
    January 18th, 2005
    Posts
    20
    "I'm on my way to CJ to DROP EarthLink, those MF. "

    uh, what I get from this article--is that earthlink is partnered w/ the GOOD guys.


    http://www.earthlink.net/about/press/pr_spyAudit/

  11. #11
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Texas, USA
    Posts
    579
    Thumbs down Windows, Again and Again and Again . . .!


    Quote Originally Posted by Dreamie
    I have had to clean it off of many computers and it will bury itself in the registry keys.Dreamie
    Windows 95 Quick Fix from a custom A drive DOS boot-up disk:

    1) DELTREE C:\ WINDOWS

    2) ATTRIB C:\ -A -H -R -S

    3) DEL C:\*.*

    4) Reload DOS

    5) Reload WINDOWS

    6) A Clean Machine!

    7) Start the switchover to OS/2 Warp, eComStation, Mac, Red Hat Linux,
    or BSD. In the end it will only get worse with Windows.

    I know this works on Windows 95. Might work on Windows 98, 98SE and ME.
    I don't know if this will work on NT or XP.

    Probably the most bullet proof version of Windows I have used was a super locked-down set of Windows NT4 machines. As far as XP is concerned, it would probably be best to throw that goofy-looking resource hog in the dumpster.

    Best,

    RadarCat, Webmaster
    http://www.os2warplinks.com

  12. #12
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    @Sal...the connection is between Earthlink and WebRoot not Earthlink and CWS. Webroot is who collects the data that Earthlink publishes quarterly about number of infestions on computers. Although I always have a bit of a problem with that report since a bulk of what is reported are cookies (affiliate cookies included).

    That whole article is a PR piece by Webroot and it should be read as such. While there is some pieces of accurate information, there is also quite a bit of speculation and spin.

    With regards to CWS itself, yes it is a problematic piece of software and I think drives the removal vendors a bit crazy as CWS is aggressive about avoiding efficient removal. The reference to it as Ebola seems to be PR spin along the lines of scare tactics (sure to help the sales of WebRoot no doubt). Afterall it seems somewhat contradictory to say CWS kills the computer before it can be productive while also reporting $300M yearly revenue for CWS. And while CWS can ground a computer to a halt once it's installed, it certainly does have a payload. They just aren't saying what that payload really is and how CWS is generating it's revenue. That revenue isn't coming primarly from popping ads I don't believe. CWS has made it's money prior to the computer being ground to a halt.

    As far as PestPatrol taking Claria products off their detection list. I had an interesting bit of conversation with a removal vendor along these lines in general the other night that I'm very interested in following up for more information. The possible real reasons behind this move is something worthy of further exploration and may well be related to some other postings I've made recently about some changes I'm seeing with some of these applications.

  13. #13
    Member
    Join Date
    January 21st, 2005
    Posts
    101
    Looks like earthlik is ok
    That's what it looks like to me too, Simey.

    is based on the free spyware audits it conducts from its own Web site, and those it runs in cooperation with EarthLink, the Atlanta-based ISP.
    I think it means earthlink is running spyware audits for their customers in cooperation with webroot, not pushing spyware on them.

    Anybody know the answer?

  14. #14
    Lite On The Do, Heavy On The Nuts Donuts's Avatar
    Join Date
    January 18th, 2005
    Location
    Winter Park, FL
    Posts
    6,930
    Removing the CoolWebSearch (CWS) parasite is a major pain. If you have the earlier version, the freeware called CWS shredder will get it almost every time. If you have the latest morphed version - it has many names but my friends are mostly catching it as Home Search Assistant - it's VERY nasty to get rid of.

  15. #15
    Lite On The Do, Heavy On The Nuts Donuts's Avatar
    Join Date
    January 18th, 2005
    Location
    Winter Park, FL
    Posts
    6,930
    All these software companies are making software to remove these things after the fact. Where's the authorities when they're needed?


    The April 2005 PC World (on stands now) had a great lead article on this subject.
    They compared the effectiveness and thoroughness of the anti-spyware tools.

    If you're like I was, and thought Lavasoft Adaware and Spybot Search & Destroy were leading the way (and amazinging since they are free), you're info's now outdated. These two standard tools have become middle-of-the-pack-ers.
    Damn it - and they were the ones I told all my family and friends to install.

    Get magazine. Check it out.
    Page 70 of April 2005 PC World mag.

    The one that placed first, I had never even heard of. PCWorld ran each tool against a ton of varying stuff and counted how many each tool removed. Overall, the winner was Sunbelt Software Counter... wait... I went to look up to make sure I had the right name and found the PC World article online... who's the man!

    http://www.pcworld.com/reviews/artic...,119572,00.asp


    The Microsoft Beta product was in a special category cuz it's in beta and so new - the tested it anyway and it did very well. Details in the link above.

  16. #16
    ABW Veteran Mr. Sal's Avatar
    Join Date
    January 18th, 2005
    Posts
    6,795
    @Sal...the connection is between Earthlink and WebRoot not Earthlink and CWS. Webroot is who collects the data that Earthlink publishes quarterly about number of infestions on computers.
    Thanks for the info.

    I guess I misread the post yesterday, so I take back what I said but, I won't apply again anyway. I have too many web hosting merchants that are not converting for me, so I still have a few more to drop.

    Sal.

  17. #17
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    From that great informative article comes a program begging for affiliate program exposure... "Our Picks
    You can get an anti-spyware utility for free, but this is one area where going cheap isn't worth the savings. The no-cost Spybot Search & Destroy offers an overall detection rate of 54 percent and provides effective real-time scanning. Keeping on the free path, you could combine Spybot with Ad-Aware SE Personal, whose detection rate for active infections was slightly higher than Spybot's in most categories. However, even when combining Ad-Aware, Spybot, and the free HijackThis, we were unable to remove 100 percent of the infections on our test system.

    Sunbelt Software's CounterSpy, our new Best Buy, proved the most capable of the products we tested, with the highest detection rates, cleanest interface, and fastest scan speeds. And its $20 price for a year of updates and tech support is a bargain. You also won't be disappointed by Webroot's Spy Sweeper, which was almost as effective as CounterSpy, scans quickly, and is easy to use. Combining either product with HijackThis--and reasonable caution when installing dubious goodies--you should be able to keep your system pretty well spyware-free.

    http://www.pcworld.com/reviews/artic...72,pg,1,00.asp
    Mary Landesman
    From the April 2005 issue of PC World magazine
    Posted Tuesday, March 01, 2005

    I predict Microsoft's anti-spyware/adware programs will be the Gold Standard. I'm reviewing a install of an application I'll call a "desktop firewall" tomorrow at EDS corporated offices, hoping Microsoft will buy them like they did www.GiantCompany.com . Kinda drakonian for the affiliate marketing iondustry but it forever eliminates any BHO installs or system setting hijackings and lets the enduser surf drive-by install sites, porn popup hellholes and even read virus laden e-mails ....with no harm at all to their system. Bad news, unless I can pressure them to pass through network tracking cookies, is all online shopping become effectively a session only matter.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  18. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Why does linkshare list Florida in the "heating up" category...
    By delsol in forum Florida Affiliate Tax
    Replies: 0
    Last Post: April 12th, 2010, 02:48 AM
  2. Replies: 4
    Last Post: November 29th, 2008, 08:31 AM
  3. Replies: 2
    Last Post: July 29th, 2005, 01:51 PM
  4. "It's the biggest threat on your computer..."
    By UncleScooter in forum Midnight Cafe'
    Replies: 1
    Last Post: May 10th, 2005, 09:45 AM
  5. List of Merchants linked to Spyware/Adware
    By HardwareGeek in forum Midnight Cafe'
    Replies: 6
    Last Post: February 13th, 2005, 05:27 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •