Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: CastleCops ramps up fight against CoolWebSearch/HomeSearch
From: Times Enemy <times () krr org>
Date: Thu, 15 Sep 2005 12:17:35 -0700

Greetings.

I am not professionally involved with this, merely curious, which is my excuse for my current ignorance in this area.

Does the Microsoft (Giant) Antispyware application utilize the CasteCops list(s) of BHOs?

Up front, i am being lame and not rtfm'ing/researching this myself.

.times enemy


Paul Laudanski wrote:

CastleCops keeps and maintains various databases on malware and legitimate items for browser helpers objects, toolbars, startups, services, and activex objects. Thanks to the collaboration of many Team CastleCops Expert members, CC is frequently among the first to indentify and analyze a new emerging pest, and hence to add information on its components to the various Lists. We were for example the first to spot and categorize a new BHO co-responsible for an all new version of SpySheriff/PsGuard/SmitFraud, one of the most insidious and prevalent pests around: http://castlecops.com/tk6387-hp_tmp_random_char_or_digit.html CastleCops is also in progress of entering all BHOs pertaining to the notorious CoolWebSearch/HomeSearch parasite variant to its CLSID database list. That information is used to power publicly accessible applications such as (in addition to researcher based utilities):
BHODemon - http://www.definitivesolutions.com/bhodemon.htm
BHOList - http://merijn.org/downloads.html

The BHO database in its entirety is made available to the public here: http://castlecops.com/CLSID.html Source: http://castlecops.com/a6249-CastleCops_ramps_up_fight_against_CoolWebSearch_HomeSearch.html
http://castlecops.com/article-6249-nested-0-0.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]