|
|
|  |
|
|
|
|
F-Secure Spyware Information Pages: CoolWebSearch
|
|
| |
|
|
Summary
|
| CoolWebSearch is the spyware name of an aggressive family of hijackers. The spyware hijacks a user's browser, desktop and searches by several different means. It also displays fraudulent advertisements as pop-ups. CoolWebSearch is, in general, difficult to remove and has many methods to prevent detection and removal. |
|
|
|
Detailed Description
|
The spyware CoolWebSearch originates from Russia. It is one of the most famous and most aggressive spyware developed to date. The majority of the variants are, in some capacity, hijackers. The name originates from the first wildly spread hijacker directing searches through search pages affiliated to coolwebsearch.com. This is still the main functionality of the spyware, but there are also advertisements in the form of pop-ups. The advertisement is, in general, of dubious content. Several pop-ups deliver advertising of fraudulent products.
The company Cool Web Search offers affiliates a fee in exchange for visitors' use of their search program. An affiliate builds a search page of his liking and draws visitors there. The search page is linked to Cool Web Search's backend, which delivers the search results. To bring in profit to Cool Web Search, the company bids out keywords to the public, with top bidders getting top position in the search query list. Cool Web Search disclaims they have nothing to do with the hijacks and have closed down some affiliate sites.
CoolWebSearch hijacks
CoolWebSearch hijacks are usually much more advanced than the common hijack. It is more difficult to detect and trickier to remove. Even manual removal can sometimes be a difficult task.
Browser hijack
The browser is hijacked when default behavior is changed without a user's consent. An example is when the start page is changed. Browser hijacks also include the change of security settings, trusted sites, certificates and toolbars. An aggressive browser hijacker also resets the hijack if it was removed.
Search hijack
A search hijack is when the search functionality in the browser is altered to redirect search queries to a different site. Search functionality includes search queries in the address bar, search when a DNS name lookup failed, online searches and use of search toolbar.
CSS stylesheet hijack
A stylesheet hijack adds a custom stylesheet to Internet Explorer. The stylesheet is used each time the browser displays an HTML page. This stylesheet executes javascript, which monitors browser usage.
About:blank hijack
An about:blank hijack changes Internet Explorer to use about:blank as a start page. A registry hack will then alter this page to make the normally blank page like a search engine.
Desktop hijack
From Windows 98 onwards, Microsoft has provided a feature to make an interactive desktop. This feature is hijacked to display advertisement or search functionality. |
|
|
|
F-Secure Corporation |
|
|
|
|
|
Last Modified: January 01, 2006
|
|
|
|
|
