Cool Web Search: The Ebola of Adware

Yesterday I promised to reveal the most prevalent adware onthe Internet. It will come as nosurprise that it is Cool Web Search.

Yesterday I promised to reveal the most prevalent adware on the Internet. It will come as no surprise that it is Cool Web Search. Of course there are many versions of this nasty piece of work.

 

Here is the break down from the most recent Webroot Spy Audit results. Out of 1.49 million machines:

 

 

 

Version

 

Number of machines

Total infections

CoolWWW

 

227,513

40,463,721

CWS AboutBlank

 

187,246

33,302,141

CWS sp.html hijack

 

7,439

1,323,044

CWS_AnalyzeIE

 

7,569

1,346,164

CWS_Cassandra

 

6,860

1,220,067

CWS_Directwebsearch Hijacker

 

9,904

1,761,450

CWS_Ehttp Hijacker

 

16,978

3,019,577

CWS_Hputi

 

9,130

1,623,792

CWS_iesprt

 

5,616

998,819

CWS_mailhook

 

5,203

925,366

CWS_NS3

 

167,897

29,860,876

CWS_NS3 Hijacker

 

57,123

10,159,460

CWS_xplugin

 

9,732

1,730,859

 

 

 

 

Total CWS

 

718,210

127,735,336

 

Half of all machines on the Internet are infected with Cool Web Search. Yesterday I used some data that is available on revenue generating capability of adware to project what each of the adware vendors are doing in terms of annual revenue. If I were to use the same numbers to calculate CWS’s revenue it would be well over $200 million. It is hard to imagine an illicit group of hackers garnering that sort of revenue. I suspect that CWS is much worse at maintaining consistent revenue per infection because it is the Ebola of the Internet. It is so malicious that it tends to break the ability of a machine to browse effectively and therefore limits the number of ads and click-throughs that can be generated. Like Ebola, it kills its host before it can be productive.