New variant CoolWebSearch & SARS

Sunbelt Software - counterSpy anti-spyware software maker - said its researchers have just discovered a whole new category of spyware.

According to Sunbelt Software, this new type of spyware was developed on the basis of CoolWebSearch, an extremely dangerous spyware trojan that could change all Internet Explorer configuration parameters, set the forwarding homepage. Go to 'black' sites.

'Inheritance' of CoolWebSearch, VX2 / Transponder and an unknown type of trojan, this new spyware is also capable of exploiting Internet Explorer security vulnerabilities to break in and install itself. on users' computers to steal sensitive information such as bank accounts, login information, credit card information .

Sunbelt president Alex Eckelberry said the new type of spyware after infecting computers will read and restore data in Protected Storage (Protected Storage).

Windows XP operating system uses Protected Storage to store all kinds of information such as AutoComplete web addresses, passwords, etc., or the kind of information that you often see IE automatically enter for you in the address bar or the forms above. web.

There is currently no solution against this completely new spyware. But users can use another alternative browser - like Firefox - that can still be safe from their spread. This 'immunity' is obtained because Firefox does not save data to Protected Storage.

Meanwhile, Webroot has announced that it has detected a dangerous type of spyware on the other hand.

Last week, Webroot's researchers discovered a UPX compressed file containing a new variant of SARS trojan. However, it seems that the cover of the compressed file has not yet created SARS security, so the trojan 'decided to' hide himself in the German text 'ein Volk, ein REICH, ein Fuhrer !!! ' (One person, one nation, one leader) - a famous quote by Adolf Hitler. The text has been encoded into ASCII format.

The new variant of SARS trojan is really dangerous.Once infected with computers, this type of trojan will occupy a permanent location in dynamic memory, hiding itself in the background and waiting for an opportunity to attack.If you discover any secure connection (secure connection), immediately the trojan will operate and "merge" it into that connection to send a report to the central server of the hacker.