Drive-by spyware which, well, spies on you

CoolWebSearch (CWS) is an interesting advertising company. What sets it apart from your run-of-the-mill advertising company is that it specifically uses browser vulnerabilities (mainly in Internet Explorer) to install its spyware/adware as the user browses one of its numerous affiliate sites. No user interaction whatsoever. The industry has dubbed this type of activity ‘drive-by installation’.

It appears that an invisible boundary has now been crossed, with a CWS variant that specifically collects keystrokes and potentially other information and posts it to an Internet server.

Check out the Sunbelt Software blog and remember: This is just a blog and the alleged research results of a single person. Don’t jump to conclusions – not just yet.

Correction: CoolWebSearch probably has nothing to do with that; the trojan was found by a researcher during a CWS investigation, but it is not otherwise related to CoolWebSearch.