

InterMute's CWShredder(TM) Now Defeats Polymorphic and Other Variants of CoolWebSearch

              CoolWebSearch Spyware Becoming More Sophisticated

    BRAINTREE, Mass., Feb. 15 /PRNewswire/ -- InterMute Inc., a leading
developer of best-in-class PC protection and productivity software for
corporations and consumers, today announced an updated release of
CWShredder(TM) that defeats new variants of CoolWebSearch spyware.  CWShredder
v. 2.13 now includes the ability to detect and remove Look2Me, a variant of
CoolWebSearch spyware that defies attempts to manually remove it from an
infected PC. This tenacious browser hijacker wreaks havoc for IT
administrators who attempt manual removal because Look2Me removes the
required account privileges.
    InterMute is exhibiting at the RSA Conference (Booth 1907) in San
Francisco this week.
    Look2Me is an example of a new generation of "polymorphic" spyware, which
continuously changes its filename and other identifying characteristics each
time the user logs on and off the infected PC. Once it becomes resident on a
PC, Look2Me runs inside a critical Windows process (i.e., hooking into
Winlogon.exe) and operates in stealth mode, never appearing in the Windows
Task Manager's process display. Look2Me exploits a Microsoft operating system
feature that allows programs to be notified when a user logs in or logs off.
    One of Look2Me's primary functions is to hijack users' Web browsers by
changing the TCP/IP "hosts" file. When the users try to visit a search
engine's Web site, their browser instead becomes redirected to a bogus search
site. Once it has gained control of a PC, Look2Me also downloads and installs
other spyware programs. Consistent with the trend of ever-increasing technical
sophistication exhibited by spyware, Look2Me demonstrates a strong
self-preservation capability. If it detects a partial removal of its software or
components, it will re-download and re-install itself. Attempts to remove the
other spyware downloaded by Look2Me cause Look2Me to continuously restore the
removed spyware to the infected PC.
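
The hosts-file redirection described above can be checked for directly. The following is an added example, not part of the original release and not InterMute's code: it parses hosts-file text and reports entries that map a search-engine domain to a non-local address. The watch list and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watch list: search-engine domains a defender expects to resolve via DNS only.
WATCHED_DOMAINS = ("google.com", "yahoo.com", "msn.com")


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")


def is_watched(hostname, domains=WATCHED_DOMAINS):
    """True if hostname is a watched domain or any subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in domains)


def find_redirects(text, domains=WATCHED_DOMAINS):
    """Return mappings that send a watched domain to a non-local address."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        # Loopback and 0.0.0.0 entries block a site rather than redirect it.
        if is_watched(name, domains) and not (ip.is_loopback or ip.is_unspecified):
            findings.append((line_no, name, str(ip)))
    return findings


# Constructed sample; 203.0.113.0/24 is a documentation range (RFC 5737).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.google.com google.com   # constructed hijack entry
203.0.113.7     Search.Yahoo.com
0.0.0.0         ads.example.net
127.0.0.1       search.msn.com
203.0.113.9     notgoogle.com
"""

if __name__ == "__main__":
    for line_no, name, ip in find_redirects(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `find_redirects`.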
    InterMute's CWShredder focuses on defeating the many new and increasingly
sophisticated variants of CoolWebSearch spyware. This includes defeating the
notorious "HomeSearch" browser hijacker. HomeSearch is implemented as a BHO
(browser helper object) and installs itself so that it loads along with
Internet Explorer. HomeSearch also exhibits self-preservation and camouflaging
behaviors by randomly renaming itself and its components to avoid detection.
    CWShredder defeats another notable CoolWebSearch spyware variant that
attempts to prevent users from viewing the Windows Task Manager, so they
cannot see the processes that are running on their PC. This variant also
prevents users from running the Windows Regedit program, a tool commonly used
by tech-savvy professionals to edit the Windows registry in hopes of manually
removing spyware. Adding insult to injury, some variants of CoolWebSearch
spyware provide an uninstaller which, instead of removing the offending
software, actually installs more spyware onto the infected PC. This
"brotherhood of spyware" opens the door to invite new spyware guests onto a
computer.

    "The level of technical prowess demonstrated by the developers of new
CoolWebSearch variants is as impressive as it is disturbing. Spyware is
demonstrating a resistance to removal that is reaching new heights.
InterMute's CWShredder and SpySubtract anti-spyware products are continually
enhanced to deal with the deep technical sophistication discovered in these
new threats," said InterMute CEO and Founder Ed English.
    InterMute is the only anti-spyware company that develops a dedicated anti-
CoolWebSearch solution. With the built-in reporting capabilities of
CWShredder, InterMute receives early-warning notifications of CoolWebSearch
variants.
    CWShredder is one of the core technologies that fuels InterMute's Anti-
Spyware Solution Set, including SpySubtract(R) Enterprise Edition and
SpySubtract(R) PRO. CWShredder is available as a free download from
InterMute's Web site at http://www.intermute.com.

    About InterMute
    Founded in 1999 and privately held, InterMute is a leading provider of
software that ensures PC protection and productivity for organizations and
consumers. Web intrusions like spyware and multimedia advertisements not only
disrupt employee productivity and compromise the security of personal and
corporate information but also burden IT organizations' limited resources.
InterMute's anti-spyware and Web content filtering solutions eliminate the
most tenacious and difficult-to-remove spyware. InterMute is based in
Braintree, MA. For further information, visit http://www.intermute.com.

    InterMute, SpySubtract and CWShredder are trademarks or registered
trademarks of InterMute, Inc.  All other trademarks or registered trademarks
are the property of their respective owners.

    Press Contacts:
     Christopher Leary
     InterMute
     (781) 356-0990
     cleary@intermute.com

     Davida Dinerman/Laura Ackerman
     Schwartz Communications
     (781) 684-0770
     intermute@schwartz-pr.com


SOURCE InterMute Inc.



