Cool Web Search: The Ebola of Adware
Yesterday I promised to reveal the most prevalent adware on the Internet. It will come as no surprise that it is Cool Web Search. Of course there are many versions of this nasty piece of work.
Here is the break down from the most recent Webroot Spy Audit results. Out of 1.49 million machines:
Version |
| Number of machines | Total infections |
CoolWWW |
| 227,513 | 40,463,721 |
CWS AboutBlank |
| 187,246 | 33,302,141 |
CWS sp.html hijack |
| 7,439 | 1,323,044 |
CWS_AnalyzeIE |
| 7,569 | 1,346,164 |
CWS_Cassandra |
| 6,860 | 1,220,067 |
CWS_Directwebsearch Hijacker |
| 9,904 | 1,761,450 |
CWS_Ehttp Hijacker |
| 16,978 | 3,019,577 |
CWS_Hputi |
| 9,130 | 1,623,792 |
CWS_iesprt |
| 5,616 | 998,819 |
CWS_mailhook |
| 5,203 | 925,366 |
CWS_NS3 |
| 167,897 | 29,860,876 |
CWS_NS3 Hijacker |
| 57,123 | 10,159,460 |
CWS_xplugin |
| 9,732 | 1,730,859 |
|
|
|
|
Total CWS |
| 718,210 | 127,735,336 |
Half of all machines on the Internet are infected with Cool Web Search. Yesterday I used some data that is available on revenue generating capability of adware to project what each of the adware vendors are doing in terms of annual revenue. If I were to use the same numbers to calculate CWS’s revenue it would be well over $200 million. It is hard to imagine an illicit group of hackers garnering that sort of revenue. I suspect that CWS is much worse at maintaining consistent revenue per infection because it is the Ebola of the Internet. It is so malicious that it tends to break the ability of a machine to browse effectively and therefore limits the number of ads and click-throughs that can be generated. Like Ebola, it kills its host before it can be productive.