a solution for the cws problem after reading some threads at cnet i considered the idea for a couple of days: the makers of coolweb get paid by the hit through the search page, a simple solution is to spam the crap out of it , when their associates find that they are paying out vast fortunes to coolweb they will withdraw and this will cause dissention between the businesses and the makers of this virus... er, "search helper". this sounds like a good idea unless you consider that this will make coolsearch a buck. a simple solution but a little off the mark for me. after beating my head against a wall for a week trying everything available ,it hit me: i didnt ask for this program to install itself and it is taking up my harddrive space sucking up my bandwidth and rewriting my files on my computer. i still get messages that my programs are trying to access the web(ip= 255.255.255.255:67) and when i allow this connection it installs all over again. generally fouling up my computer. i have decided to adopt a policy that unsolicited programs installing on my system will incur a storage fee to the tune of $1.00per bit of data stored per day , $5.00 per unauthorized internet access attempt(every 2 seconds 24/7 wether im connected or not) i will even charge for bandwidth consumed by the processes executed by coolweb. we should all adopt this policy and make a disclaimer that serves as our own version of our personal end user liscence agreement available on our computers if the makers of coolsearch dont read my disclaimer/eula thats their problem. all we need to do is find who is responsible (im sure that the sponsored sites on coolsearch will turn like milk when satan comes to town when presented with my invoice alone , but if we work together...) submit our bill and find some bright lawyer to collect(volunteers?). we can charge whatever "reasonable rate" we wish. a bit more complicated but it puts the cashflow in a direction a can accept. any feedback on this idea is welcome. i seriously would like to send spyware/malware writer back to the stone age
Re: a solution for the cws problem At the risk of making an OT reply, I would point out that a connection to 255.255.255.255 port 67 will be an attempt to gain a lease of an IP address using DHCP (Dynamic Host Configuration Protocol - see here for a good introduction) and this is done by Windows itself rather than by any running programs. CWS is likely to kick in after this and should be easily identified and blocked with a decent firewall. While I would sympathise with those who have had their systems screwed up by this hijacker, a more effective approach would be to slow down the sites it bookmarks by constantly reloading their pages. Microsoft does offer a Web Application Stress Tool (see here for instructions) which may be able to automate this process (by the look of it, you can create a script by having it monitor your browser - say browse to the credit card submission page - then have the tool replay that dozens/hundreds of times over). Be aware that your ISP may take exception to this if you take it to extremes though. Another option is to install Unsolicited Commando which will use your PC as a proxy to enter fake name/address/credit card data. While this aims at spamvertised websites, it is highly likely that the CWS "partners" will use spam also - and I'm sure that any request to add the sites to the UC list will be seriously considered.
actual feedback! thanx for the reply, however after checking the linx you posted it appears that im not as computer literate as i thought what i was really trying to say with that post is suggest another strategy for this problem . to quote "dr. strangelove"(everyone should see this movie if you can)" you see the objective is to instill in your enemy the FEAR to attack" ... if it becomes unprofitable for them to continue writing and rewriting these hijackers (and they will rewrite everytime we come up with a solution) then the war is over, until they find another way to expliot comsumers anyway. but i believe that this line of thought is worthy of exploration . so please continue the feedback
oops , forgot ... it has somehow been using windows nt logon app to access the web from the moment i turn my unit on to attemp to connect to the internet its when i am online and allow this that i find me browser reset and hjt can still find the probs (probably should post the log file and get help) and when i startup and run regscrub xp i still find something about typed url's and cscs settings. cant get cws shredder to run at all. found that spyferret claims to handle this but dont have the $40. to purchase at the moment. ps- if anyone is wondering what kind o' flake is calling himself goatsnif, its a pseudonym i was assigned in a band project a few years ago-"the foul muddhamas"(so read the label on a can of refried beans found at the paki import grocery market) spanky goatsniff-drums,keys,effects,some detuned guitar snoopy greemaumb-bass,shouts bucky oppenheiner-guitars,bellowing howls pokey mildew-words,programming
I understand, but your idea of levying a charge on your bandwidth has one problem - it's unenforcable (especially given that the CWS creator is apparently based in Kaliningrad, Russia) and therefore cannot be a deterrent. However, supplying false name and address data to the subscription pages of websites that do deals with CoolWebSearch to get added to Favourites lists can have an effect. So long as supplied credit card numbers pass the Luhn check they should be accepted by the website. When the website tries to charge the cards, this should then be rejected by the issuer. However, if a website starts making a large number of false card charges, then they risk having their account terminated. That is what will take these sites down - and if it becomes widely-known that CWS payees get targetted in this fashion, then it should be much harder for CWS to get new customers - removing one incentive for creating and updating this hijacker. BTW, don't bother paying for SpyFerret. AdWare and Spybot Search and Destroy are free and will do a better job of dealing with common adware. For CWS, CWShredder or HJT are the best choice. However the biggest favour you can do yourself is to ditch Internet Explorer (it's insecure and likely always will be) and use an alternative browser like Firefox or Opera. Both are free (though with Opera, you need to register it to get rid of the ad pane) and offer significant usability enhancements (e.g. tabbed browsing, one-letter search engine access) over IE.
Hi Paranoid 2000, I looked at UC and it looks very interesting. But, are the clients (who have their IP address logged and linked to the false credit card number and order) in any legal risk for placing a false order (in the US at least)? Thanks
The UC FAQ does address this. I would add that for a fraud conviction, there would have to be proof of an intent to deceive for unlawful gain. Entering random data on a public webserver should not qualify for this - and there is also the . I have been giving UC a test run and am somewhat underwhelmed at the moment - it has only attempted to target 2 domains, neither of which can be resolved (maybe the sites got shut down after being targetted by UC...) and runs once per hour. However it does give detailed information on what it is doing and I have not noticed anything untoward.
I'd second that,particularly since not even The Gulag appears to deter this misery-making miscreant.Ah,well-it's his karma.He'll be destined to wander some tortuous netherworld if there is any justice...
Thanks Paranoid 2000, I read the FAQ and law listed. While that law is mainly aimed at anti-hacking and not specifically CC fraud, I agree with you. It is just random data and would be difficult if not impossible to prosecute (though I am no lawyer). I really like the concept, very creative. A way to stick it to them finally. Let the war to reclaim the internet begin! Give it a little time, it was just started June 28th, it needs to pick up steam. I like the fact that it intelligently manages and rotates the clients so as not to overuse one. When I receive spam, I also notice many times that the host has already shut down the spamvertized website. This is probably due to regular complaints to the host. UC would be most effective against the big spammers with "Bullet proof Hosts" and "Pink ISP contracts". Thanks for the info, this is cool.
