Oy vey, if people would only read this blog or contact us before jumping to conclusions.
Of course it isn’t.
Hello, people, we never said it was CoolWebSearch. The call back to the remote server was found during a CoolWebSearch infestation.
Furthermore, when we finally got a hold of the keylogger, we clearly stated that the keylogger is a new variant of the Dumaru/Nibu trojan (and a nasty piece of work).
Also, all the infections we’ve found are on unpatched Windows systems. Link here.