Update: See latest blog entries to get the latest info on this little bugger.
I’ve got some people asking me what to do to verify that they don’t have this keylogger.
The FBI is acting very aggressively on the matter, which puts us in the odd position of needing to remain quiet about the details. This is a different type of trojan than others, because researchers were able to see the stolen data coming in to the drop site.
So get a software firewall in place that has outbound protection. Try Sygate’s free one. Most antispyware or antivirus programs are unlikely to have caught this thing (as of 8/10, Symantec, McAfee and Panda don’t detect it, but a number of others do, such as Kaspersky and BitDefender. Lavasoft may have a fix as well, and we have shared the data with Webroot and other security companies).
Then, apply the latest patches from Windows Update. We’ve found that your chances of getting infected go up dramatically if you’re not patched.
Note that a software firewall is not a guarantee, due to the way this thing operates.
This keylogger is not CoolWebSearch. It was discovered during a CoolWebSearch (CWS) infestation, but it actually is its own sophisticated criminal little trojan that’s independent of CWS.
An antispyware or antivirus program will likely not catch it—and to our knowledge, there are none out there that can detect this thing through a scan of the system. So if you think I’m trying to sell CounterSpy through this news, find another conspiracy story to go after. One infected user we found was quite sophisticated and ran all kinds of scans with various products, to no avail.
Anyway, we’re working on a free fix to get out to people, which will be ready in the next 24 hours. But for the time being, just get a software firewall in place. It really will help block this thing from being able to do anything (with the caveat noted above).
If you find you’re infected, turn off the computer and start calling your banks, PayPal, eBay, credit card companies, whatever.
Oh, and for AV? If you’re on a budget, just use Grisoft’s free one.