new version of "coolwebsearch" blocks access to some security sites
Page 1 of 5 123 ... LastLast
Results 1 to 10 of 45

Thread: new version of "coolwebsearch" blocks access to some security sites

  1. #1
    Banned
    Join Date
    Jun 2002
    Posts
    289

    Exclamation new version of "coolwebsearch" blocks access to some security sites

    Here we go.. the "coolwebsearch" nasty guys have escalated their efforts and now even are blocking access to some security sites by altering people's hosts files once again. It appears that cwshredder hasn't been updated to catch this yet.. Please read this thread by Tom Coyote.
    http://forums.tomcoyote.org/index.php?showtopic=3053

    there are only two entries in that thread so far, so I'll quote them (both made by Tom)

    Jan 15 2004, 09:07 PM
    This is to inform that there is a version of CWS going around that will block your access to anti-spyware sites

    There will be an email soon to all members of this board so that you know what to do in order to regain control over this problem

    Pass this information on to your friends as they may not be able to get here without your help
    Jan 15 2004, 09:19 PM
    Are you having difficulty accessing security-related websites ?

    You could have been hit by one of the latest hosts file scam by the Not-Coolwebsearch people...

    Easy enough to fix this.

    Get this program called Hosts File Reader. It will show the hosts file wherever it is located.

    http://members.shaw.ca/techcd/VB_Pro...FileReader.exe

    Run the program and look at the bottom part of the window, if an entry is there, double click it.

    You should see the contents of that file appear in the top part of the window. You can then change, delete, append, do what you want to the file using that utility.

    If you do not consciously use a hosts file, you can choose to delete it. If you do use a hosts file, then you probably know how to deal with the entries listed.

    If you aren't sure, there is the "Enable/Disable" function you can use. Disabling, will backup the current hosts and create a new default one. By doing this, you should be able to access those sites again.

    The current (partial) list of sites blocked by this latest malicious hosts file is:

    forums.spywareinfo.com
    www.spywareinfo.com
    www.merijn.org
    merijn.org
    spywareinfo.com
    www.computercops.biz
    computercops.biz
    dslreports.com
    www.dslreports.com
    www.lavasoftsupport.com
    lavasoftsupport.com
    forums.net-integration.net
    www.tomcoyote.org
    tomcoyote.org
    www.wilderssecurity.com
    wilderssecurity.com
    www.lavasoftusa.com
    lavasoftusa.com
    security.kolla.de
    www.security.kolla.de
    www.lavasoft.de
    lavasoft.de
    If you haven't heard of CWS, then you should read the info at this link.
    Document last updated: January 5, 2004
    http://www.spywareinfo.com/~merijn/cwschronicles.html

    HiJackThis...Zipped version of CWShredder --
    If you get a virus warning for W32/Generic.worm!p2p, try this link instead: Unpacked version of CWShredder
    If you get a message saying 'A required dll, MSVBVM60.DLL, was not found', install this first:
    Visual Basic 6 runtime libraries from Microsoft

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    At least AO didn't end up there..
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    That's very clever of them blocking some of our favorite sites.... I do wonder though if that could be construed as interfering with business? I also wonder what the websites on the list would say if they knew they were being blacklisted?

    Hmmm... I thnk I may have to drop a couple emails a little later, just to see what they say. Good find jenjen.

  4. #4
    Token drunken Irish guy
    Join Date
    Sep 2001
    Posts
    2,813
    Surely Lavasoft have some case against them considering it will affect users of Ad-Aware?

    These guys go way to far when it comes to Spyware methinks.

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    My parents never loved me,

    and now CW won't put my favourite website on their hitlist....and IT IS A HITLIST!! with all the ramifications? This is war?...I cannot choose a proper security site? who the hell do they think that they are.

    Well like groovicus I have a bit of mailing to do, the main site is here:

    http://www.usdoj.gov/criminal/cybercrime/reporting.htm

    I will start the European trouble tomorrow.

    As William Shakespeare said: "Cry Havock! and unleash the dogs of war"

    MsM..........can you get me the components for an old Remington computer with a 3006 processor? Just a few bits (bytes) at a time .......I will find the mercury (errr...memory?)

    Good luck to all

  6. #6

    On vacation

    appears that cwshredder hasn't been updated to catch this yet
    It looks like the guy who makes CWShredder at Merijn.org has been on vacation from Jan 9 to Jan 19. So, that is probably why it does not take care of this new version.
    But he is back tomorrow, I would look for an update to CWShredder soon.

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    OK, I am not sure how the system handles this, so I am trying a new post?

    Your Article has been received...

    Thanks for your submission!

    We will check your submission in the next few hours, if it is interesting and relevant we will publish it soon.
    At this moment we have 1 submissions waiting to be published.

    I am a member of "Computer Cops"...might be good to bring in people from another "precinct"

    I am sure that they will be highly amused?

    I will now revert to my original intentions..............

    Good luck and god bless

    EDIT: I have now contacted a couple of organisations with interests along Pennsylvania Avenue.......I await responses, but my e-mail is a bit sporadic, so if anyone in the States wants to try, please do

  8. #8
    Senior Member
    Join Date
    Sep 2003
    Posts
    500
    Man that is some ****. So does anyone remember the line between spyware and a virus?


    New from Gator The FDISK 1000!

    Thats right, the company you have know and loved has realeased its best product to date! After our program takes all your important information and sells it on the ad company black market, it then performs a full system Format and replaces your precious files with softcore porn. All while we flash you ad after ad of Viagra and Viagra based products. So why wait...just kidding you don't have to, we have incorporated our product with every major software product in existance so we know for a fact that you have at least 4 versions of our product running on your computer at any given moment.

    So have fun while we dig up your grandparents and sell their precious jewlery to the nearest pawn shop!

    Gator - We **** your Life"
    You shall no longer take things at second or third hand,
    nor look through the eyes of the dead...You shall listen to all
    sides and filter them for your self.
    -Walt Whitman-

  9. #9
    Senior Member
    Join Date
    May 2003
    Posts
    159
    BTW.... trojan.startpage.... once it affects ur system change the default page to mycoolwebsearch...

    Now are this two things connected in any manner... If yes.. I think that is absolutely unethical....

    You cannot force people to mark ur site as their start page by playing a havoc with there systems...

    Is a legal recourse possible for such type of activities......

    Regards
    ****** Any man who knows all the answers most likely misunderstood the questions *****

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi folks, I must say that the "THIS IS NOT AN AUTOMATED RESPONSE" from Supervisory Special Agent David.N.Rushing was a little "limp" IMHO

    However, perhaps the "B" Team can deliver?

    This is what I sent them:

    Hello,

    I am an IT professional in Europe, and belong to a number of security orientated websites. I was most disturbed to encounter the following:

    new version of "coolwebsearch" blocks access to some security sites posted Yesterday 10:42 PM
    (post #1)

    Here we go.. the "coolwebsearch" nasty guys have escalated their efforts and now even are blocking access to some security sites by altering people's hosts files once again. It appears that cwshredder hasn't been updated to catch this yet.. Please read this thread by Tom Coyote.
    http://forums.tomcoyote.org/index.php?showtopic=3053

    there are only two entries in that thread so far, so I'll quote them (both made by Tom)

    quote:

    Jan 15 2004, 09:07 PM
    This is to inform that there is a version of CWS going around that will block your access to anti-spyware sites

    There will be an email soon to all members of this board so that you know what to do in order to regain control over this problem

    Pass this information on to your friends as they may not be able to get here without your help


    quote:
    Jan 15 2004, 09:19 PM
    Are you having difficulty accessing security-related websites ?

    You could have been hit by one of the latest hosts file scam by the Not-Coolwebsearch people...

    Easy enough to fix this.

    Get this program called Hosts File Reader. It will show the hosts file wherever it is located.

    http://members.shaw.ca/techcd/VB_Pr...sFileReader.exe

    Run the program and look at the bottom part of the window, if an entry is there, double click it.

    You should see the contents of that file appear in the top part of the window. You can then change, delete, append, do what you want to the file using that utility.

    If you do not consciously use a hosts file, you can choose to delete it. If you do use a hosts file, then you probably know how to deal with the entries listed.

    If you aren't sure, there is the "Enable/Disable" function you can use. Disabling, will backup the current hosts and create a new default one. By doing this, you should be able to access those sites again.

    The current (partial) list of sites blocked by this latest malicious hosts file is:

    forums.spywareinfo.com
    www.spywareinfo.com
    www.merijn.org
    merijn.org
    spywareinfo.com
    www.computercops.biz
    computercops.biz
    dslreports.com
    www.dslreports.com
    www.lavasoftsupport.com
    lavasoftsupport.com
    forums.net-integration.net
    www.tomcoyote.org
    tomcoyote.org
    www.wilderssecurity.com
    wilderssecurity.com
    www.lavasoftusa.com
    lavasoftusa.com
    security.kolla.de
    www.security.kolla.de
    www.lavasoft.de
    lavasoft.de


    Now, if a scumware provider can do that....what could they do in terrorist hands...assuming that they are not already? I feel that cyberterrorism is the next threat, and if people like this are allowed to continue in their greed it threatens US National and Global security?

    I would be very interested in your assurances that this matter is being dealt with........I will be raising it in Europe within the next few hours

    God Bless
    Johnno


    That was to the US Secret Service

    Good luck......waiting to hear on my local efforts

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •