Wishlist of spyware slime….



The sunbeltblog has uncovered a fairly interesting document (dated May 16 and originally in Russian) which appears to be the wishlist of a spyware criminal. (Slime was my own definition…)



It’s an interesting read – 7 pages, I haven’t read all the details yet, but the “it will disable all firewall and antivirus software in all possible ways” is enough for me to call them slime.

They (the spyware’ers…) probably refer to an iframe vulnerability detailed here. This vulnerability has been patched, but there are likely many unpatched systems out there.

They (sunbelt) apparently uncovered this while researching spyware. (Go sunbelt… uncovering some good stuff lately.)

I’ve looked over it and it reads like a chat transcript. It lays out a clever, if slimy, design of a small downloader that is installed via the iframe exploit. That loader kickstarts a bigger bug, the REAL one; essentially, stealth in the task list is a goal, as is “infecting the system deeply”. They also detail ways of using this network to distribute other parts of code, as well as sophisticated control panelling and monitoring of the botnet.

They also reveal their attitude towards abuse complaints and express a desire to find a way to continue distributing the files after the server has been taken down. (Server compromise?)

It’s probably not too surprising, but it is interesting to see this validate that these essentially are virus writers trying to build a money-making viral network.

Update 8/25 Spyware confidential has picked this up and has pointed the way to a useful site that a sunbelt employee has up regarding coolwebsearch. webhelper4u has a variety of resources detailing cws or coolwebsearch including lists of domains and ip addresses that are known to distribute the hijackware/spyware/adware pest.

There are also helpful links on that site to display some screenshots of the coolwebsearch “scareware” alerts, there are links to online forums where users might find help and he has detailed the history of the coolwebsearch (CWS) gang as well as additional writings. If you’re fighting a Coolwebsearch Infestation (CWS infestation) you might want to read up on it there.


One Response to “Wishlist of spyware slime….”

  1. Avery J. Parker - Web site hosting and computer service Says:


    [...] Along the lines of “Wishlist of Spyware Slime” that I referred to last week, it appears there’s a chat transcript out from before the arrest of the suspected writer of the mytob and zotob worms. The security fix has the details. [...]

