I’ve been seeing hapless victims of CoolWebSearch installations come across the web server for a long time. Based on their referer info, I think these are hits from zombied machines infected with this “utility”. I had even thought about popping something up for those folks so they knew that they had some pretty crappy spyware running on their machines, but if they’re zombies, the real users probably don’t even know they’re hitting my site, and would never see it. CoolWebSearch has been reported for months as just plain old junk, with a hint of being dangerous.
Today, we found out just how bad CoolWebSearch really is. eWeek is reporting here that a spyware researcher has dug deeper and discovered that CoolWebSearch appears to be a front for an evil bit of coding that steals personal data — web site logins, banking info, etc. — and funnels it off to a server in Texas somewhere to be retrieved by… well, who knows?
The good news is that in the article is a link to a utility hosted on Trend Micro’s site that will eradicate CoolWebSearch. Knowing just as much as is in the article, I would strongly recommend anyone with a Windows box to check themselves for webticks and weblice by getting and running this app. The stakes are just too high to ignore this one.