Press Contacts:

Michael Sweeny
Public Relations Director
michael_sweeny@trendmicro.com
Tel: +1 (408) 863-6384
Fax: +1 (408) 863-6525

Davida Dinerman/Laura Ackerman
Schwartz Communications
(781) 684-0770
intermute@schwartz-pr.com


InterMute’s CWShredder™ Now Defeats Polymorphic and other Variants of CoolWebSearch

CoolWebSearch Spyware Becoming More Sophisticated

BRAINTREE, MA — February 15, 2005 — InterMute Inc., a leading developer of best-in-class PC protection and productivity software for corporations and consumers, today announced an updated release of CWShredder™ that defeats new variants of CoolWebSearch spyware. CWShredder v. 2.13 now includes the ability to detect and remove Look2Me, a variant of CoolWebSearch spyware that defies attempts to manually remove it from an infected PC. This tenacious browser hijacker wreaks havoc on IT administrators who attempt manual removal, because Look2Me removes the required account privileges.

InterMute is exhibiting at the RSA Conference (Booth 1907) in San Francisco this week.

Look2Me is an example of a new generation of “polymorphic” spyware, which continuously changes its filename and other identifying characteristics each time the user logs on and off the infected PC. Once it becomes resident on a PC, Look2Me runs inside a critical Windows process (i.e., hooking into Winlogon.exe) and operates in stealth mode, never appearing in the Windows Task Manager’s process display. Look2Me exploits a Microsoft operating system feature that allows programs to be notified when a user logs in or logs off.

One of Look2Me’s primary functions is to hijack users’ Web browsers by changing the TCP/IP “hosts” file. When users try to visit a search engine’s Web site, their browser is instead redirected to a bogus search site. Once it has gained control of a PC, Look2Me also downloads and installs other spyware programs. Consistent with the trend of ever-increasing technical sophistication exhibited by spyware, Look2Me demonstrates a strong self-preservation capability. If it detects a partial removal of its software or components, it will re-download and re-install itself. Attempts to remove the other spyware downloaded by Look2Me trigger Look2Me to continuously restore the removed spyware to the infected system.
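A defender's check for the hosts-file redirection described above, as an added example that is not part of the original release and not InterMute's code. The watch list of search-engine hostnames and the sample hosts content are constructed for illustration.

```python
import ipaddress

# Assumption: a small watch list of search-engine hostnames, chosen for illustration.
WATCHED = {"google.com", "www.google.com", "search.yahoo.com", "search.msn.com"}

# Constructed sample hosts content (192.0.2.0/24 is a reserved documentation range).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
192.0.2.15      www.google.com google.com   # added by unknown program
192.0.2.15\tsearch.yahoo.com
0.0.0.0         ads.example.net
not-an-ip       search.msn.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every well-formed mapping in hosts text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: skip the line
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def find_redirects(text, watched=WATCHED):
    """Return (line_no, hostname, ip) where a watched name maps to a non-local IP."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        # Loopback and 0.0.0.0 entries block a name rather than redirect it,
        # so this check leaves them out and reports only redirections.
        if ip.is_loopback or ip.is_unspecified:
            continue
        if name in watched:
            findings.append((line_no, name, str(ip)))
    return findings

if __name__ == "__main__":
    for line_no, name, ip in find_redirects(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`. Because the release describes reinstallation after partial removal, a reverted entry that reappears on the next check is itself a signal worth alerting on.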

InterMute’s CWShredder focuses on defeating the many new and increasingly sophisticated variants of CoolWebSearch spyware. This includes defeating the notorious “HomeSearch” browser hijacker. HomeSearch is implemented as a BHO (browser helper object) and installs itself so that it loads along with Internet Explorer. HomeSearch also exhibits self-preservation and camouflaging behaviors by randomly renaming itself and its components to avoid detection.

CWShredder defeats another notable CoolWebSearch spyware variant that attempts to prevent users from viewing the Windows Task Manager, so they cannot see the processes that are running on their PC. This variant also prevents users from running the Windows Regedit program, a tool commonly used by tech-savvy professionals to edit the Windows registry in hopes of manually removing spyware. Adding insult to injury, some variants of CoolWebSearch spyware provide an uninstaller which, instead of removing the offending software, actually installs more spyware onto the infected PC. This “brotherhood of spyware” opens doors to invite new spyware guests onto a computer.

“The level of technical prowess demonstrated by the developers of new CoolWebSearch variants is as impressive as it is disturbing. Spyware is demonstrating a resistance to removal that is reaching new heights. InterMute’s CWShredder and SpySubtract anti-spyware products are continually enhanced to deal with the deep, technical sophistication discovered in these new threats,” said InterMute CEO and Founder Ed English.

InterMute is the only anti-spyware company that develops a dedicated anti-CoolWebSearch solution. With the built-in reporting capabilities of CWShredder, InterMute receives early-warning notifications of CoolWebSearch variants.

CWShredder is one of the core technologies that fuel InterMute’s Anti-Spyware Solution Set, including SpySubtract® Enterprise Edition and SpySubtract® PRO. CWShredder is available as a free download from InterMute’s Web site at www.intermute.com.

About InterMute

Founded in 1999 and privately held, InterMute is a leading provider of software that ensures PC protection and productivity for organizations and consumers. Web intrusions like spyware and multimedia advertisements not only disrupt employee productivity and compromise the security of personal and corporate information but also burden IT organizations’ limited resources. InterMute’s anti-spyware and Web content filtering solutions eliminate the most tenacious and difficult-to-remove spyware. InterMute is based in Braintree, MA. For further information, visit www.intermute.com.

InterMute and its products are trademarks or registered trademarks of InterMute, Inc. All other trademarks or registered trademarks are the property of their respective owners.

 

 