nanog mailing list archives
RE: Spyware becomes increasingly malicious
From: "Hannigan, Martin" <hannigan () verisign com>
Date: Mon, 12 Jul 2004 12:37:37 -0400
This appears to have been dealt with at the browser level in MS Security Bulletin MS03-011.

I have a hard time blaming MS for everything since in most cases of these things they do react. How do they force the users to update? Could they implement a switch that says "no update, no working browser"? At least for IE?

Scob was dealt with via the hammer, this could be too.

There's 39 variants at the moment:
http://www.spywareinfo.com/~merijn/cwschronicles.html

The difficulty in cleaning is due to the variants:
http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder

Disclaimer: That site "looks/feels" credible, but I did just a little correlation. Thanks.

ARIN: The IP number for their website is allocated to cogent, but not SWIP'd.

Apparent last mile:

16 p6-0.core01.jfk02.atlas.cogentco.com (66.28.4.82) 107.092 ms 104.713 ms 107.080 ms
17 p5-0.core01.jfk01.atlas.cogentco.com (66.28.4.9) 108.177 ms 108.023 ms 109.115 ms
18 g49.ba01.b001362-1.jfk01.atlas.cogentco.com (66.28.66.42) 106.147 ms 105.769 ms 109.537 ms
19 HyperSpace_Communications.demarc.cogentco.com (66.250.5.30) 110.872 ms 108.745 ms 106.978 ms
20 66.250.74.150 (66.250.74.150) 107.939 ms 108.364 ms 104.599 ms

Apparent Registration:

domain: coolwebsearch.com
status: production
organization: InterWeb Solutions Inc
owner: InterWeb Solutions Inc
email: admin () iweb-commerce com
address: P.O. Box 362
address: Road Town
city: Tortola
postal-code: 65113
country: IO
admin-c: admin () iweb-commerce com#0
tech-c: admin () iweb-commerce com#0
billing-c: admin () iweb-commerce com#0
nserver: ns1.maximumhost.com
nserver: ns2.rosexxxgarden.com
registrar: JORE-1
created: 2001-06-01 04:51:34 UTC JORE-1
modified: 2004-03-17 14:59:02 UTC JORE-1
expires: 2007-05-31 22:51:23 UTC
source: joker.com

-M

--
Martin Hannigan (c) 617-388-2663
VeriSign, Inc. (w) 703-948-7018
Network Engineer IV Operations & Infrastructure
hannigan () verisign com

coolwebsearch:
-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]On Behalf Of Paul Vixie
Sent: Monday, July 12, 2004 12:19 PM
To: nanog () merit edu
Subject: Re: Spyware becomes increasingly malicious

somebody, probably sean, mentioned scaling earlier in this thread.

coolwebsearch has become more and more sneaky.. so bad that development of cws shredder has been abandoned by its developer.....

the first time only about 3 days ago and I got rid of it in 10 minutes! I can see how it would be a problem for a newbie but it shouldn't be anything more than 10 minutes work for anyone here with Windows experience....

There are dozen of variants, obviously you've seen only one.

so, this bit of spyware (which was resistant to ad-aware as of last week, though ad-aware seems to publish a new definition file every day now) relies on a web site, and that web site relies on the spyware for its traffic and eyeballs, and the spyware and website are owned/operated/"published" by the same company. the website does not move around, it's at a fixed location.

the scaling issue, please: "why does that company still have an internet connection?"

or, to put it less mildly: "why does that company's provider still have an upstream?"

or, to put it in terms you can all understand: "why does that provider's upstream still have bgp peers?"

if you give people the means to hurt you, and they do it, and you take no action except to continue giving them the means to hurt you, and they take no action except to keep hurting you, then one of the ways you can describe the situation is "it isn't scaling well."

--
Paul Vixie