Re: CastleCops ramps up fight against CoolWebSearch/HomeSearch

To: Times Enemy <times@xxxxxxx>
Subject: Re: CastleCops ramps up fight against CoolWebSearch/HomeSearch
From: Paul Laudanski <zx@xxxxxxxxxxxxxx>
Date: Fri, 16 Sep 2005 12:08:06 -0400 (EDT)
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <4329C8CF.9030907@xxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Microsoft has a research team that seeks out new spyware threats for the 
MSAS database.  They write up their own analysis so the threats listed in 
our database most likely have a different name and method for identifying 
malware BHOs.  The experts here at CCSP do share information on new 
threats we find with all Antivirus, Antispyware, AntiTrojan vendors 
(including MSAS) so that everyone has protection as soon as possible.

Microsoft has enormous resources to find new threats and they additionally 
rely on their Spynet community and their new technology codenamed Strider 
using HoneyMonkeys to automatically crawl the web to find new malware 
threats.

http://www.microsoft.com/athome/security/spyware/software/about.mspx

[quote]Stop new threats faster with SpyNet.. The voluntary, worldwide 
SpyNet. community plays a key role in determining which suspicious 
programs are classified as spyware. SpyNet. participants help to discover 
new threats quickly so everyone is better protected. Any user can choose 
to join SpyNet. and report potential spyware to Microsoft.
.       

Spyware expertise you can rely on. A dedicated team of Microsoft 
researchers scours the Internet to discover new spyware and develop 
methods to counteract it.[/quote]

        'Honeymonkeys' Find Web Threats
http://www.informationweek.com/story/showArticle.jhtml?articleID=168600939

On Thu, 15 Sep 2005, Times Enemy wrote:

> Greetings.
> 
> I am not professionally involved with this, merely curious, which is my 
> excuse for my current ignorance in this area.
> 
> Does the Microsoft (Giant) Antispyware application utilize the CasteCops 
> list(s) of BHOs?
> 
> Up front, i am being lame and not rtfm'ing/researching this myself.
> 
> .times enemy
> 
> 
> Paul Laudanski wrote:
> 
> >CastleCops keeps and maintains various databases on malware and legitimate 
> >items for browser helpers objects, toolbars, startups, services, and 
> >activex objects. 
> >
> >Thanks to the collaboration of many Team CastleCops Expert members, CC is 
> >frequently among the first to indentify and analyze a new emerging pest, 
> >and hence to add information on its components to the various Lists. We 
> >were for example the first to spot and categorize a new BHO co-responsible 
> >for an all new version of SpySheriff/PsGuard/SmitFraud, one of the most 
> >insidious and prevalent pests around: 
> >
> >http://castlecops.com/tk6387-hp_tmp_random_char_or_digit.html 
> >
> >CastleCops is also in progress of entering all BHOs pertaining to the 
> >notorious CoolWebSearch/HomeSearch parasite variant to its CLSID database 
> >list. That information is used to power publicly accessible applications 
> >such as (in addition to researcher based utilities): 
> >
> >BHODemon - http://www.definitivesolutions.com/bhodemon.htm
> >BHOList - http://merijn.org/downloads.html
> >
> >The BHO database in its entirety is made available to the public here: 
> >
> >http://castlecops.com/CLSID.html 
> >
> >Source: 
> >http://castlecops.com/a6249-CastleCops_ramps_up_fight_against_CoolWebSearch_HomeSearch.html
> >http://castlecops.com/article-6249-nested-0-0.html

________ Information from Computer Cops, L.L.C. ________
This message was checked by NOD32 Antivirus System for Linux Mail Server.

  part000.txt - is OK
http://castlecops.com

References:
- Re: CastleCops ramps up fight against CoolWebSearch/HomeSearch
  - From: Times Enemy

Prev by Date: worring about YaST in SuSE 9.3 and maybe lower
Next by Date: arc insecure temporary file creation
Previous by thread: Re: CastleCops ramps up fight against CoolWebSearch/HomeSearch
Next by thread: Online Dating Software by AEwebworks - aeDating Script <= 4.0 Version Vulnerability
Index(es):
- Date
- Thread