Weekly Spyware Alert: CoolWebSearch

 
 
By Webroot Software Development Team  |  Posted 2003-08-18 Email Print this article Print
 
 
 
 
 
 
 

Has your browser been hijacked by CoolWebSearch spyware? If you've ever been redirected to coolwebsearch.com unexpectedly, you may be infected.

Variants: This spyware is morphing at a rapid rate. Below, variants and their estimated appearance date are listed in reverse chronological order.
  • DNSRelay.dll – August 7, 2003
  • Svchost32 – August 3, 2003
  • Oemsyspnp – July 29, 2003
  • Msspi.dll – July 28, 2003
  • Vrape – July 20, 2003
  • OSLogo.bmp – July 10, 2003
  • Bootconf – July 6, 2003
  • Datanotary – May 27, 2003
Description: CoolWebSearch is a name given to a wide range of different browser hijackers. The code is very different between variants, but all are currently used to redirect users to coolwebsearch.com and other sites affiliated with its operators. The alarming trend with this hijacker is rapid metamorphosis and the increasing difficulty of removal. Some documented behaviors associated with each variant include:
  • DNSRelay.dll - Implemented as an IE URL hook. Hijacks address bar search phrases as well as any site name entered into the address bar without a leading http:// or www to search aimed at activexupdate.com (a CWS site redirecting through yellow2.com to allhyperlinks.com).
Click here for the complete story...
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel