Chinese Adware: Coopen


Here's an interesting one - apparently from a Chinese Trojan bundle, "Coopen" places a media tool on your desktop, which rotates between desktop backgrounds and screensavers. At least your desktop hijack will be a visually striking multimedia experience!

http://blog.spywareguide.com/upload/2007/02/coopn5-thumb.jpg

That's not all, however - the Coopen media player is really only the introductory salvo. From the same bundle, your desktop will end up with a non-closable box on it, which you can only kill off using Task Manager:

http://blog.spywareguide.com/upload/2007/02/coopn1-thumb.jpg

The box itself mostly serves up an endless stream of high-bandwidth adverts that seem to do nothing other than promote short movie clips and streamed video:

http://blog.spywareguide.com/upload/2007/02/coopn2-thumb.jpg

There also seem to be a lot of popups from what appears to be some sort of social networking / blogging site:

http://blog.spywareguide.com/upload/2007/02/coopn3-thumb.jpg

You can read more about Coopen here. Although Coopen itself is not particularly high risk - it's a media program rotating screensavers - it does illustrate how complicated things will be for researchers in the West as more of these programs start to appear. Here, for example, the researcher might not even know whether the popup box is related to Coopen or to a different part of the same Trojan hijack. Is it Adware? Spyware? Malware? Is it all one program, or different components doing different things (as is the case here)? Is the intent behind it malicious, or is it supposed to serve some useful purpose? How do we track the money streams? Will we be able to penetrate the networks behind the scenes and work out who the key players are? Most importantly, what do we do when faced with a EULA containing six million Chinese characters?

Tough questions, and no easy answers in sight...

Research Summary Write-Up: Chris Boyd, Director of Malware Research
Technical Research: CC, and Chris Mannon, FSL Senior Threat Researchers


About this Entry

This page contains a single entry by Christopher Boyd published on February 15, 2007 12:25 AM.
