CoolWebSearch
Encyclopedia
CoolWebSearch is a well-known spyware
program that installs itself on Microsoft Windows
based computers. It first appeared in May 2003.
homepage to coolwebsearch.com, and although originally thought to only work on Internet Explorer
, recent variants affect Mozilla Firefox
as well as others. It can also create pop-up ad
s that redirect to other websites including pornography
sites, collect private information about users and slow the speed of infected computers.
Coolwebsearch uses innovative techniques to evade detection and removal, and as such many common spyware removal programs fail to properly remove the software.
Some versions of CoolWebSearch can be installed through drive-by installation, in which a computer browsing a webpage automatically installs CWS. CWS itself attempts to evade others by not labelling its ads, not providing an EULA, not providing any data about itself and not having a website. Certain variants insert links on random text, leading to advertiser websites. Other attempts to access websites are redirected to pay-per-click search engines that may install more malware
display ads. Some variants of CWS also add links to pornography
and gambling sites to the user's Desktop
, Internet Explorer
's bookmarks and history. Certain versions attempt to edit users' trusted sites and modify security settings as well as to hide from removal programs. Variants are often named for the effects they have such as msconfig
, Msoffice
, Mupdate
, Msinfo and Svchost32
.
, Canada, whilst their DNS
registration lists an address in the British Virgin Islands
, and their web server appears to be run by HyperCommunications in Massachusetts
, USA. CoolWebSearch is also linked to CoolWebSearch.org and appears to be related to webcoolsearch.com. The names of the creators currently remain unknown.
Spyware
Spyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's...
program that installs itself on Microsoft Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
based computers. It first appeared in May 2003.
Effects
CoolWebSearch has numerous effects when it is successfully installed on a user's computer. The program can change an infected computer's web browserWeb browser
A web browser is a software application for retrieving, presenting, and traversing information resources on the World Wide Web. An information resource is identified by a Uniform Resource Identifier and may be a web page, image, video, or other piece of content...
homepage to coolwebsearch.com, and although originally thought to only work on Internet Explorer
Internet Explorer
Windows Internet Explorer is a series of graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems, starting in 1995. It was first released as part of the add-on package Plus! for Windows 95 that year...
, recent variants affect Mozilla Firefox
Mozilla Firefox
Mozilla Firefox is a free and open source web browser descended from the Mozilla Application Suite and managed by Mozilla Corporation. , Firefox is the second most widely used browser, with approximately 25% of worldwide usage share of web browsers...
as well as others. It can also create pop-up ad
Pop-up ad
Pop-up ads or pop-ups are a form of online advertising on the World Wide Web intended to attract web traffic or capture email addresses. Pop-ups are generally new web browser windows to display advertisements...
s that redirect to other websites including pornography
Pornography
Pornography or porn is the explicit portrayal of sexual subject matter for the purposes of sexual arousal and erotic satisfaction.Pornography may use any of a variety of media, ranging from books, magazines, postcards, photos, sculpture, drawing, painting, animation, sound recording, film, video,...
sites, collect private information about users and slow the speed of infected computers.
Coolwebsearch uses innovative techniques to evade detection and removal, and as such many common spyware removal programs fail to properly remove the software.
Some versions of CoolWebSearch can be installed through drive-by installation, in which a computer browsing a webpage automatically installs CWS. CWS itself attempts to evade others by not labelling its ads, not providing an EULA, not providing any data about itself and not having a website. Certain variants insert links on random text, leading to advertiser websites. Other attempts to access websites are redirected to pay-per-click search engines that may install more malware
Malware
Malware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...
display ads. Some variants of CWS also add links to pornography
Pornography
Pornography or porn is the explicit portrayal of sexual subject matter for the purposes of sexual arousal and erotic satisfaction.Pornography may use any of a variety of media, ranging from books, magazines, postcards, photos, sculpture, drawing, painting, animation, sound recording, film, video,...
and gambling sites to the user's Desktop
Desktop environment
In graphical computing, a desktop environment commonly refers to a style of graphical user interface derived from the desktop metaphor that is seen on most modern personal computers. These GUIs help the user in easily accessing, configuring, and modifying many important and frequently accessed...
, Internet Explorer
Internet Explorer
Windows Internet Explorer is a series of graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems, starting in 1995. It was first released as part of the add-on package Plus! for Windows 95 that year...
's bookmarks and history. Certain versions attempt to edit users' trusted sites and modify security settings as well as to hide from removal programs. Variants are often named for the effects they have such as msconfig
MSConfig
MSConfig is a system utility to troubleshoot the Microsoft Windows startup process...
, Msoffice
Microsoft Office
Microsoft Office is a non-free commercial office suite of inter-related desktop applications, servers and services for the Microsoft Windows and Mac OS X operating systems, introduced by Microsoft in August 1, 1989. Initially a marketing term for a bundled set of applications, the first version of...
, Mupdate
Windows Update
Windows Update is a service provided by Microsoft that provides updates for the Microsoft Windows operating system and its installed components, including Internet Explorer...
, Msinfo and Svchost32
Svchost.exe
In the Windows NT family of operating systems, svchost.exe is a system process which hosts multiple Windows services. Its executable image, %SystemRoot%\System32\Svchost.exe or %SystemRoot%\SysWOW64\Svchost.exe runs in multiple instances, each hosting one or more services...
.
Possible creators
The website claims that they are not responsible for the browser hijacking. They run an affiliate program that pays affiliates to direct others to their site with paid advertising links. Coolwebsearch.com's terms of service use the laws of QuebecQuebec
Quebec or is a province in east-central Canada. It is the only Canadian province with a predominantly French-speaking population and the only one whose sole official language is French at the provincial level....
, Canada, whilst their DNS
Domain name system
The Domain Name System is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities...
registration lists an address in the British Virgin Islands
British Virgin Islands
The Virgin Islands, often called the British Virgin Islands , is a British overseas territory and overseas territory of the European Union, located in the Caribbean to the east of Puerto Rico. The islands make up part of the Virgin Islands archipelago, the remaining islands constituting the U.S...
, and their web server appears to be run by HyperCommunications in Massachusetts
Massachusetts
The Commonwealth of Massachusetts is a state in the New England region of the northeastern United States of America. It is bordered by Rhode Island and Connecticut to the south, New York to the west, and Vermont and New Hampshire to the north; at its east lies the Atlantic Ocean. As of the 2010...
, USA. CoolWebSearch is also linked to CoolWebSearch.org and appears to be related to webcoolsearch.com. The names of the creators currently remain unknown.
Variants
- CWS.Aboutblank
- CWS.Addclass
- CWS.Alfasearch
- CWS.Bootconf
- CWS.CameUp
- CWS.Cassandra
- CWS.Control
- CWS.Ctfmon32
- CWS.Datanotary
- CWS.Dnsrelay
- CWS.Dreplace
- CWS.Gonnasearch
- CWS.Googlems
- CWS.Hiddendll
- CWS.Homesearch
- CWS.Loadbat
- CWS.Look2Me
- CWS.Msconfd
- CWS.Msconfig
- CWS.MSFind
- CWS.Msinfo
- CWS.Msoffice
- CWS.Msspi
- CWS.Mupdate
- CWS.Oemsyspnp
- CWS.Olehelp
- CWS.Oslogo
- CWS.Qttasks
- CWS.Q-url3
- CWS.Realyellowpage
- CWS.Searchx
- CWS.Smartfinder
- CWS.Smartsearch
- CWS.Sounddrv
- CWS.Svchost32
- CWS.Svcinit
- CWS.Systeminit
- CWS.Systime
- CWS.Tapicfg
- CWS.Therealsearch
- CWS.Vrape
- CWS.Winproc32
- CWS.Winres
- CWS.Xmlmimefilter
- CWS.Xplugin
- CWS.Xxxvideo
- CWS.Yexe