CWS History - Any experts among you?

Discussion in 'malware problems & news' started by cico, Jan 23, 2012.

Thread Status:
Not open for further replies.
  1. cico

    cico Registered Member

    Joined:
    Jan 23, 2012
    Posts:
    6
    Location:
    de
    Hi Wilders community,
    for many years I've been investigating fraudulent activities in the internet and telecommunication sector, originally starting with dialers in 2003 (and - more or less - limited to Germany).

    At the moment I'm trying to "combine" various existing investigations, it's a long story...

    For several reasons I would love to get in touch with an expert in CWS background investigations, and - because I'm not that fluent in English - I am looking for someone who speaks German or is a native German.

    If someone is not German, but can tell me about CWS backgrounds, let's try to communicate ;)

    Is there any (English or German) "overview" about CWS? Where and when did it start? Who are known "central characters"?

    Well, you may ask "who's that guy stepping through the door and asking questions"... I can't tell you who I am, but I am very busy on some German boards. The fact that I am asking this question NOW is that I want to "confirm" some theories about links between CWS and other "structures" (not only, but for example RBN)

    Any help appreciated,

    kind regards
    Cico

    sorry if I did offend your eyes with insufficient language skills ;)

    in German:
    http://www.trojaner-board.de/108478-dringend-gesucht-deutschsprachige-cws-experten.html
     
  2. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    One individual who led the fight against CoolWebSearch is Webhelper. Not sure if it's still there, but he had a full history of their activity on his site.
    http://webhelper4u.net/
     
  3. cico

    cico Registered Member

    Joined:
    Jan 23, 2012
    Posts:
    6
    Location:
    de
    Thank you.
    I have archived information from webhelper4u from 2004 on, but I never tried to get in touch with webhelper. So I know a lot of his wonderful research, but it's hard to find the jigsaw pieces that I need...

    Anyway, I hope that he steps in here, because as far as I understand most of the information about CWS is from his investigations.

    Ok, I will just write "webhelper, come here, Webhelper, come here". Let's see if it works :)
     
  4. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  5. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,936
    Location:
    UK
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ cico

    Kevin McAleavey formerly of BOClean etc @ "Privacy Software Corporation" knows a LOT about CWS & plenty of others. Moreover he went out of his way to identify the coders of Malware, by examining their code. He found that, more often than not, they left/included identifying traces in there, so was able to keep track of them over Many years ;)

    He is now at http://www.knosproject.com & also a member here. You might like to contact him to see if he can spare any time to provide you with some background insights etc into CWS etc.

    RBN info

    http://rbnexploit.blogspot.com

    Mirror link not working, but David Bizeul's link is :)

    http://www.bizeul.org/files/RBN_study.pdf

    @ stapp

    Excellent link :thumb:
     
  7. cico

    cico Registered Member

    Joined:
    Jan 23, 2012
    Posts:
    6
    Location:
    de
    Bizeul did great work. And thank you so much for the other links so far!
    Pieter Arntz
    more technical at first glance, but I'll take a closer look.

    By the way: The quick and informed response to my inquiry is deeply impressive!
     
    Last edited: Jan 23, 2012
  8. Corrine

    Corrine Spyware Fighter

    Joined:
    Jan 10, 2005
    Posts:
    117
    Location:
    Upstate NY
    Webhelper (Patrick Jordan) has been working for Sunbelt Software, now GFI, for many years.
     
  9. cico

    cico Registered Member

    Joined:
    Jan 23, 2012
    Posts:
    6
    Location:
    de
    I have studied lists for hours and I still don't understand why some domains/names are listed in CWS lists. At the moment I fear that I was chasing a mirage, or at least I did overinterpret some information. I hope to see clearer in a life or two ;)
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi cico,

    I'm Dutch, but fluent in German and was a close-by follower of the battle against "CWS".
    If you want, you can PM me your email address and I will get in touch with you.
     
  11. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    How I wish I could help here, but when COMODO took over our company and tossed my butt to the curb, they own ALL that I knew in the BOClean days and did NOT convey *any* of the rights to what existed in my brain during my prior days. If I were to offer anything I knew about "their" property or branding, I'd end up being sued for helping. I'm not even permitted under my separation agreement to *think* about malware and Windows, which is the reason why I'm doing what I'm doing now.

    Wish I could help, but I'm not even allowed to talk to any of our former customers since they too are owned now by COMODO. :(
     
  12. cico

    cico Registered Member

    Joined:
    Jan 23, 2012
    Posts:
    6
    Location:
    de
    What a pity for me - and what an even greater pity for you to be in this situation.
    Many thanks to you and my best wishes.
    Sometimes things are so unnecessarily difficult, and when things are impossible because of that, things that just would be good, it makes one angry.
    Thank you again for your reply!!!
     
  13. cico

    cico Registered Member

    Joined:
    Jan 23, 2012
    Posts:
    6
    Location:
    de
    I'm glad and thankful to read this.
    I'm glad that you speak German. I didn't want to ask, because it might seem arrogant to say to a Dutchman 'speak German with me' just because my English isn't good enough. And arrogance towards the Netherlands is 'typically' German. But with "Google Translator" it simply wouldn't work...


    -----

    to show you what I'm talking about

    In 2004 I archived a file from Patrick's site "Browse Complete Listing Updated: 29 July, 2004 12:55:52 PM -0400"
    This was because we had reports in Germany about a rogue dialer and it could be linked to CWS.
    In that 2004 file you can read
    This is one of the aliases within the Cactus Dimpy Group (JFP)
    and here this person is identified (from the Sophos analyses)
    http://nakedsecurity.sophos.com/koobface-7/

    I'm absolutely certain that the Sophos analysis will lead to massive attempts to cover up evidence. We just need to be faster.
     
    Last edited: Jan 24, 2012