April 22, 2005

If you ever look in JavaCool's SpywareBlaster list of Restricted domains, you will find there are currently 1316 domain names (domain.com) associated with CWS! These guys do not care who they hurt or how they make their money!

Threatchaos.com: Cool Web Search: The Ebola of Adware:

Yesterday I promised to reveal the most prevalent adware on the Internet. It will come as no surprise that it is Cool Web Search. Of course there are many versions of this nasty piece of work.

Here is the break down from the most recent Webroot Spy Audit results. Out of 1.49 million machines:

Version -- Number of machines
CoolWWW -- 227,513
CWS AboutBlank -- 187,246
CWS sp.html hijack -- 7,439
CWS_AnalyzeIE -- 7,569
CWS_Cassandra -- 6,860
CWS_Directwebsearch Hijacker -- 9,904
CWS_Ehttp Hijacker -- 16,978
CWS_Hputi -- 9,130
CWS_iesprt -- 5,616
CWS_mailhook -- 5,203
CWS_NS3 -- 167,897
CWS_NS3 Hijacker -- 57,123
CWS_xplugin -- 9,732

Total CWS -- 718,210

Half of all machines on the Internet are infected with Cool Web Search! Yesterday I used some data that is available on revenue generating capability of adware to project what each of the adware vendors are doing in terms of annual revenue. If I were to use the same numbers to calculate CWS's revenue it would be well over $200 million. It is hard to imagine an illicit group of hackers garnering that sort of revenue. I suspect that CWS is much worse at maintaining consistent revenue per infection because it is the Ebola of the Internet. It is so malicious that it tends to break the ability of a machine to browse effectively and therefore limits the number of ads and click-throughs that can be generated. Like Ebola, it kills its host before it can be productive.


# posted by OldOnliner : Friday, April 22, 2005

Comments: Post a Comment

<< Home

This page is powered by Blogger. Is yours?