Wednesday, June 30, 2004
Fiends and Family (Yes The Spelling Is Intentional)
The creator of CWShredder has called it quits. This is not a good thing for the PC user community, since removing the infernal CoolWebSearch pest has only gotten harder as its variants have propagated, and removing it with tools such as HijackThis, RegEdit, and other low-level stuff requires not only detailed system-level knowledge but careful process, which realistically might not be present when there's a crisis situation and your PC's Critical Need Detector has gone off. Merijn is definitely one of the real Good Guys out there.
The question then goes back to an earlier postulate of mine, which is who's paying for this? The CoolWebSearch code is devilishly insidious, and is obvious evidence of a well-trained system hacker. Guys like that are usually not the types to unleash this sort of thing just for the hell of it. It's possible there's some committed uber-Commie (this thing tracks back to Russia), perhaps ex-KGB who does it for the sheer pleasure of wrecking the information economy of the West, but a far more likely scenario is purely mercenary. Follow the money. The coder(s) doing this are likely being paid from fat profits from advertisers, be they porn peddlers or members/partners of Good Corporate Citizens.
I suspect the level of cutouts and intermediaries associated with the CoolWebSearch infrastructure (pardon my misuse of the term) would make investigating this require both a very large police force and a very large accounting team. And please don't talk about Interpol, unless you're referring to the rock band. Interpol is a useful fiction device in the movies, but in reality it's a few guys sitting in an office somewhere "coordinating" and harrumphing. For the icing on the cake about Interpol, consider that it numbers amongst its past presidents the late unlamented Reinhard Heydrich.
The secondary question is why a college kid (now graduated) from Belgium can create something desperately needed by the IT security community, in Visual Basic yet, that Symantec, Network Associates and for that matter Microsoft can't do with all of their resources. I would think that MSFT does have at least a moral obligation to provide sufficient information and resources to the security community such that they can get fixes for this crap out there. In the case of their corporate customers, it may even be a fiduciary obligation (inane license agreements aside). Their response to this issue has been underwhelming to say the least.
The whirlwind sown during the browser wars is coming, thanks to MSFT's insistence on so tightly coupling the browser to the OS.
Update - just discovered this interesting link about who's advertising with a well-known piece of crapware. Another link points to the top 20 advertisers on another notably pesty service which keeps quote unquote offering crapware to your PC. Follow the money trail....