This appears to have been dealt with at the browser level
in MS Security Bulletin MS03-011.
I have a hard time blaming MS for everything since in most cases
of these things they do react. How do they force the users to update?
Could they implement a switch that says "no update, no working browser"?
At least for IE?
Scob was dealt with via the hammer, this could be too.
There are 39 variants at the moment:
http://www.spywareinfo.com/~merijn/cwschronicles.html
The difficulty in cleaning is due to the variants:
http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder
Disclaimer: That site "looks/feels" credible, but I did just a little
correlation. Thanks.
ARIN:
The IP number for their website is allocated to cogent, but not SWIP'd.
Apparent last mile:
16 p6-0.core01.jfk02.atlas.cogentco.com (66.28.4.82) 107.092 ms 104.713 ms 107.080 ms
17 p5-0.core01.jfk01.atlas.cogentco.com (66.28.4.9) 108.177 ms 108.023 ms 109.115 ms
18 g49.ba01.b001362-1.jfk01.atlas.cogentco.com (66.28.66.42) 106.147 ms 105.769 ms 109.537 ms
19 HyperSpace_Communications.demarc.cogentco.com (66.250.5.30) 110.872 ms 108.745 ms 106.978 ms
20 66.250.74.150 (66.250.74.150) 107.939 ms 108.364 ms 104.599 ms
Apparent Registration:
domain: coolwebsearch.com
status: production
organization: InterWeb Solutions Inc
owner: InterWeb Solutions Inc
email: admin@iweb-commerce.com
address: P.O. Box 362
address: Road Town
city: Tortola
postal-code: 65113
country: IO
admin-c: admin@iweb-commerce.com#0
tech-c: admin@iweb-commerce.com#0
billing-c: admin@iweb-commerce.com#0
nserver: ns1.maximumhost.com
nserver: ns2.rosexxxgarden.com
registrar: JORE-1
created: 2001-06-01 04:51:34 UTC JORE-1
modified: 2004-03-17 14:59:02 UTC JORE-1
expires: 2007-05-31 22:51:23 UTC
source: joker.com
-M