Wishlist of spyware slime….

The Sunbelt blog has uncovered a fairly interesting document (dated May 16 and originally in Russian) which appears to be the wishlist of a spyware criminal. (Slime was my own definition…)

It’s an interesting read – 7 pages. I haven’t read all the details yet, but the line “it will disable all firewall and antivirus software in all possible ways” is enough for me to call them slime.

They (the spyware’ers…) probably refer to an iframe vulnerability detailed here. This vulnerability has been patched, but there are likely many unpatched systems out there.

They (Sunbelt) apparently uncovered this while researching spyware. (Go Sunbelt… uncovering some good stuff lately.)

I’ve looked over it and it reads like a chat transcript. It lays out a clever, if slimy, design of a small downloader that is installed via the iframe exploit. That loader kickstarts a bigger bug, the REAL one; stealth in the task list is a goal, as is “infecting the system deeply”. They also detail ways of using this network to distribute other parts of code, along with sophisticated control panelling and monitoring of the botnet.

They also reveal their attitude towards abuse complaints and express a desire to find a way to continue distributing the files after the server has been taken down. (Server compromise?)

It’s probably not too surprising, but it is interesting to see this validate that these are essentially virus writers trying to build a money-making viral network.

Update 8/25: Spyware Confidential has picked this up and has pointed the way to a useful site that a Sunbelt employee runs regarding CoolWebSearch. webhelper4u has a variety of resources detailing CWS, or CoolWebSearch, including lists of domains and IP addresses that are known to distribute the hijackware/spyware/adware pest.

There are also helpful links on that site to screenshots of the CoolWebSearch “scareware” alerts and to online forums where users might find help, and he has detailed the history of the CoolWebSearch (CWS) gang as well as additional writings. If you’re fighting a CoolWebSearch infestation (CWS infestation) you might want to read up on it there.

One Response to “Wishlist of spyware slime….”

  1. Avery J. Parker - Web site hosting and computer service Says:

    [...] Along the lines of “Wishlist of Spyware Slime” that I referred to last week, it appears there’s a chat transcript out from before the arrest of the suspected writer of the mytob and zotob worms. The security fix has the details. [...]