Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

CastleCops Takedown – Bad Guys Win (Again)

The odds are good that you never heard of CastleCops. Unless, of course, you were infected by a cybercriminal’s piece of malware* and turned to the Web for help.

CastleCops was one of those “good guys” sites, dedicated to combating the cybercrime that is threatening to render the Internet too unsafe to surf. (Many consider it that way already, btw.) It was, amongst other things, one of the places you could post your HiJack This! logs, and a volunteer team of antimalwareologists¹ would walk you through the steps to removing difficult infections.

There are “good guys” (aka “whitehats”) out there, and there are bad guys. CastleCops was definitely on the side of justice and good. Education and collaborative information sharing were among CastleCops’ highest priorities. They had been achieved by training the volunteer staff in their anti-malware academies and through additional services including CastleCops forums, news, reviews, and continuing education.

Which made them a target.

I guess I really shouldn’t have been surprised when I dropped in and saw this..
You have arrived at the CastleCops website, which is currently offline. It has been our pleasure to investigate online crime and volunteer with our virtual family to assist with your computer needs and make the Internet a safer place. Unfortunately, all things come to an end. Keep up the good fight folks, for the spirit of this community lies within each of us. We are empowered to improve the safety and security of the Internet in our own way. Let us feel blessed for the impact we made and the relationships created. (click here to read the rest..)
PST 23 Dec 2008

This can only be construed as one more victory for the blackhats (whether or not CastleCops fell victim to direct attack.. such as DoS, as I’ve good cause to suspect). Some days, I get to feeling.. we’re not only losing the battles.. we’ve lost the war.

* virus, worm, trojan, “rogue antivirus”, (See Is that anti-spyware program really spyware?) etc.
¹ A word I made up to describe a person who studies the art of malware infection removal.. like, me. Not yet in Webster’s.

[note: though I am late, I would like to thank those folks who volunteered their time and talents at CastleCops. A big tip of my geek hat to you all.]

[update: I have been informed that many of the wonderful antimalwareologists are now performing their generous deeds on SpywareHammer. Please see the Comments section for more.]

Copyright 2007-9 © Tech Paul. All rights reserved.


February 3, 2009 - Posted by | computers, cyber crime, hackers, Internet, News, security, tech


  1. Thanks for this timely article.

    It does seem as if the bad guys are getting, and keeping, the upper hand. This points out, to me, how very valuable your site is in providing the type of information that helps keep all of us safer while surfing through the jungle that the Internet has become.



    Comment by Bill Mullins | February 3, 2009 | Reply

    • Thank you, Mr. Mullins.
      Actually, I feel bad as I was late in noticing CastleCops’s demise.. but putting that aside, it does (it seems to me) highlight the fact that the cybercriminals are organized and well financed and determined to steal our money.. and are not afraid to “eliminate” those that stand in their way.

      I don’t want my readers getting too depressed, but I do think it’s vital that they are aware of the nature of the Web, and thus exercise caution and ‘immunize’ their machines as much as possible.


      Comment by techpaul | February 3, 2009 | Reply

  2. Hi, Paul.

    You will be relieved to know that the demise of CastleCops was in no way related to a DDoS or any type of black or other color hat activity. Rather, Paul was hired by Microsoft and the family relocated to Washington State. An anticipated transfer of ownership did not occur and thus, the message that visitors are now presented with at CastleCops.

    The majority of the volunteers who provided help at CastleCops have long been found at other security forums and many have regrouped at SpywareHammer.




    Comment by Corrine | February 6, 2009 | Reply

    • Corrine–
      I thank you very sincerely for the clarifications. I was aware of Paul’s hire (my best to him there). I am particularly heartened to know that the volunteer “antimalwareologists” are continuing to fight the good fight elsewhere. I, for one, cannot say enough about their vital contributions.

      I will point my readers to SpywareHammer forums, and also allow me to recommend the SecurityGarden blog. “Get computer security news and information, help, tips and more at the Security Garden.”


      Comment by techpaul | February 6, 2009 | Reply

  3. Thank you, Paul.

    Your readers will find quality help at SpywareHammer.


    Comment by Corrine | February 6, 2009 | Reply

  4. I will second what Corrine has said about One of the saddest things about the difficulties Castlecops went through near the end was that people were frustrated by the site’s slowness/downtimes and were leaving. Spywarehammer provided a welcome refuge where friends could continue to maintain professional and social contact while helping people with malware problems. You will find that many of the people who were conducting the training that CC was famous for are still working together at SWH.

    CC had many other roles, of course. The anti-spam people are mostly at . The Firetrust support forums have their own site at . A lot of the wiki articles are being recreated at , including the Malware Removal and Prevention procedures.

    Unfortunately, the PIRT/MIRT/SIRT programs have not been recreated, but there is strong interest in doing so and many people are already working on it.


    Comment by AlphaCentauri | February 6, 2009 | Reply

    • AlphaCentauri–
      Thank you for taking the time to share this additional information. I was aware of SpywareHammer forums, and had found meritorious solutions there, but didn’t know that it had inherited folks from CastleCops… (the heroes I call “malwareologists”). I hope that the programs mentioned will see a rebirth.
      And, I hope you will keep me and my readers informed of “the good fight” developments.

      Please allow me to mention “This is a portal to connect you to a variety of online resources in the fight against spamming. But why fight spam?”, well, Dear Reader, click the link and find out.


      Comment by techpaul | February 6, 2009 | Reply

  5. I was a long-time staff member at CastleCops (6 years). Very sad to see it closed. I can affirm that the core CC staff are alive, well and active at SpywareHammer. CC helped enormously in research for a book published by two former CC staffers, Rootkits For Dummies (Wiley Publishing, 2007). The work begun with that book continues at SpywareHammer with forums to help people (for free) with rootkit problems. Thanks for speaking up with your blog. Looks good!


    Comment by Prince Serendip | February 6, 2009 | Reply

    • Prince Serendip–
      Allow me to say “THANK YOU!” for your efforts.
      Six years in the trenches.. I bet you have some stories to tell. (If you’re ever in the Silicon Valley area, I’d gladly buy you a cold one, and let you tell ’em.)

      I’ll have to get my hands on a copy of that title.. It had escaped my attention.
      Info on Rootkits for Dummies here.


      Comment by techpaul | February 7, 2009 | Reply

  6. And let me thank you, Paul, for taking the time to make a personal compliment regarding each person who posted here. (I was very pleasantly surprised that you looked up the domain name of the email address I entered when I posted, then added a link to the embryonic blog at that web address :))

    I’m sure that’s a characteristic that puts your non-techie clients at ease when they come to you for computer help.


    Comment by AlphaCentauri | February 7, 2009 | Reply

  7. Not a comment so much as a question…one of the many nice features at CastleCops was a staggeringly comprehensive list of registry entries, BHOs, searchhook and toolbar listings, etc. that I referenced constantly when doing HJT logs at the VirtualDoctor. They were more or less cross-referenced to the HJT category numbers. Has someone taken up where CastleCops left off with that?


    Comment by Lgbpop | January 9, 2010 | Reply
