Be Careful When Searching The Web

Spookie

Apr 27 2005, 12:44 PM

Summary

F-Secure staff has found a malicious website that utilizes a spelling error when typing the name of the popular search engine - 'Google.com'. If a user opens a malicious website, his/her computer gets hijacked - a lot of different malware gets automatically downloaded and installed: trojan droppers, trojan downloaders, backdoors, a proxy trojan and a spying trojan. Also a few adware-related files are installed.

The name of the malicious website is 'Googkle.com'. PLEASE DO NOT GO TO THIS WEBSITE! Otherwise your computer will get infected! We have reported the case to the authorities.

More info located here

GSecur

Apr 27 2005, 03:21 PM

What browsers are effected by the vulnerabilities

edward5

Apr 27 2005, 07:42 PM

QUOTE(Spookie @ Apr 27 2005, 12:44 PM)

Summary

F-Secure staff has found a malicious website that utilizes a spelling error when typing the name of the popular search engine - 'Google.com'. If a user opens a malicious website, his/her computer gets hijacked - a lot of different malware gets automatically downloaded and installed: trojan droppers, trojan downloaders, backdoors, a proxy trojan and a spying trojan. Also a few adware-related files are installed.

The name of the malicious website is 'Googkle.com'. PLEASE DO NOT GO TO THIS WEBSITE! Otherwise your computer will get infected! We have reported the case to the authorities.

More info located here

Good Info and great info about Fsecure. I have not seen this problem but have programmed my embedded controller to my firewall to block this site.

Ed

whiskah

Apr 27 2005, 09:19 PM

QUOTE(GSecur @ Apr 27 2005, 11:21 PM)

What browsers are effected by the vulnerabilities

IE i suppose..just went their with Opera 8..my AVS/IPS/FW(NOD32,PREVX,OUTPOST) arent reporting any crazy connections or installations/modifications..or i might be wrong..going 4 a clean sweep later

nuorder

Apr 27 2005, 10:05 PM

Yes looks like its IE based after testing it on an unpatched SP1 and reading the advisory.

ladykidtwist

Apr 29 2005, 12:53 AM

i'll spread the news, so that others will be warned!!! thank you

AdmiralB

Apr 29 2005, 06:33 AM

erm its closed down i think

GhostShell

May 11 2005, 08:55 PM

Just shows you that there are people out there waiting for you to make the smallest mistake. So they can proceed with their malicious intensions but then again all of us here knew that

. Hopefully sys admins will read this and tell users to be carefull when typing in the URL. thank you for the news and alerting the people who usually dont think twice

(GS)


Help - Search - Member List - Calendar Full Version: Be Careful When Searching The Web GovernmentSecurity.org > General GSO > In The News Spookie Apr 27 2005, 12:44 PM Summary F-Secure staff has found a malicious website that utilizes a spelling error when typing the name of the popular search engine - 'Google.com'. If a user opens a malicious website, his/her computer gets hijacked - a lot of different malware gets automatically downloaded and installed: trojan droppers, trojan downloaders, backdoors, a proxy trojan and a spying trojan. Also a few adware-related files are installed. The name of the malicious website is 'Googkle.com'. PLEASE DO NOT GO TO THIS WEBSITE! Otherwise your computer will get infected! We have reported the case to the authorities. More info located here GSecur Apr 27 2005, 03:21 PM What browsers are effected by the vulnerabilities edward5 Apr 27 2005, 07:42 PM QUOTE(Spookie @ Apr 27 2005, 12:44 PM) Summary F-Secure staff has found a malicious website that utilizes a spelling error when typing the name of the popular search engine - 'Google.com'. If a user opens a malicious website, his/her computer gets hijacked - a lot of different malware gets automatically downloaded and installed: trojan droppers, trojan downloaders, backdoors, a proxy trojan and a spying trojan. Also a few adware-related files are installed. The name of the malicious website is 'Googkle.com'. PLEASE DO NOT GO TO THIS WEBSITE! Otherwise your computer will get infected! We have reported the case to the authorities. More info located here Good Info and great info about Fsecure. I have not seen this problem but have programmed my embedded controller to my firewall to block this site. Ed whiskah Apr 27 2005, 09:19 PM QUOTE(GSecur @ Apr 27 2005, 11:21 PM) What browsers are effected by the vulnerabilities IE i suppose..just went their with Opera 8..my AVS/IPS/FW(NOD32,PREVX,OUTPOST) arent reporting any crazy connections or installations/modifications..or i might be wrong..going 4 a clean sweep later nuorder Apr 27 2005, 10:05 PM Yes looks like its IE based after testing it on an unpatched SP1 and reading the advisory. ladykidtwist Apr 29 2005, 12:53 AM i'll spread the news, so that others will be warned!!! thank you AdmiralB Apr 29 2005, 06:33 AM erm its closed down i think GhostShell May 11 2005, 08:55 PM Just shows you that there are people out there waiting for you to make the smallest mistake. So they can proceed with their malicious intensions but then again all of us here knew that . Hopefully sys admins will read this and tell users to be carefull when typing in the URL. thank you for the news and alerting the people who usually dont think twice (GS) This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.