Oy vey, if people would only read this blog or contact us before jumping to conclusions.
iDefense, which was recently acquired by Verisign, has analyzed the code for the keylogger we reported on and has released a statement that they have determined “it’s not CoolWebSearch code”.
Of course it isn’t.
Hello, people, we never said it was CoolWebSearch. The call back to the remote server was found during a CoolWebSearch infestation.
Furthermore, when we finally got a hold of the keylogger, we clearly stated that the keylogger is a new variant of the Dumaru/Nibu trojan (and a nasty piece of work).
Also, all the infections we’ve found are on unpatched Windows systems. Link here.
Alex