 sj |
||
|
||
Virus Warning - gookle.com
|
|
|
|||||||
|
Virus Warning - gookle.com |
Share Thread
|
||||||
|
Subject: Virus Warning - gookle.com From: nutty Date: 09 May 05 - 04:16 PM This spoof Google search engine site apparently holds a virus that can disable firewalls and anti-virus software and cause immense damage to computer systems. DO NOT ... be tempted to have a look as my college tutor was. He is still trying to clear up the mess. |
|
Subject: RE: Virus Warning - gookle.com From: GUEST Date: 09 May 05 - 05:11 PM Nutzer die sich vertippen und statt Google.com Gookle.com eintippen erleben ... Computer der Nutzer die sich auf Gookle.com verirren werden gehijackt |
|
Subject: RE: Virus Warning - gookle.com From: JohnInKansas Date: 09 May 05 - 05:12 PM This may be the same one that was noted a couple of weeks ago, although the "fake" URL was given as "googkle.com" in official reports that have been around. Some info at Beware How You Google at eWeek, By Ryan Naraine, April 27, 2005. The AV people are treating this as what's called a "typosquat" ruse. There have been a number of cases where someone has registered a URL that's one letter different than a legitimate one, in hopes of catching "accidental" mistypings. Sometimes it's just a joke, as in the spoof of Whitehouse.gov - the real one, and Whitehouse.com - a porn site. A red-hat.com spoof of Redhat.com recently caught a few Linux users. The googkle.com thing is a particularly nasty one, if the initial malware download is achieved, since it starts a sequence of popups and misdirects leading to a whole web of malware sites, each of which adds new malware programs and "features." Initial round(s) of infection once it gets started include 2 backdoors, 2 Trojan droppers, a proxy Trojan, a spy Trojan, and a Trojan downloader to be used in subsequent rounds. If the infections are not stopped, the Trojan downloader will get a file that blocks access to several AV site, then issues a fake virus warning. When you try to contact one of the blocked AV sites, you're redirected to another fake site that "promises virus protection, but that adds another round of infections. Multiple fake sites that the toolbars and popups redirect you to actually install an adware installer, toolbar.exe, which in turn installs the spyware toolbar "Perez." WinXP SP2 should have blocked the exploits used in the initial infection steps, and hence WinXP SP2 users shouldn't have to worry. Microsoft asserts that "users of supported software" who have current updates should also be immune, but it must be noted that Win98 is NOT supported software in this context. John |
|
Subject: RE: Virus Warning - gookle.com From: McGrath of Harlow Date: 09 May 05 - 08:42 PM At least g and k are far enough away from each other on thekeyboard that even a sloppy typist like me would be unlikely to key in the wrong letter by accident. goofle would have been worse. Or gogole or goolge. |
|
Subject: RE: Virus Warning - gookle.com From: GUEST Date: 09 May 05 - 11:56 PM ..unless you typed the k while trying to type the l as in googkle.com - the site referred to in J in K's post. The k and the l are right next to each other on the keyboard and this happens all the time. |
|
Subject: RE: Virus Warning - gookle.com From: Stilly River Sage Date: 10 May 05 - 12:42 AM If you download the legitmate Google toolbar then you won't be typing in google in the address line, you'll just move your mouse to the form in the toolbar and type what search terms you're looking for. Sounds like the bogus site should be nuked. SRS |
|
Subject: RE: Virus Warning - gookle.com From: JohnInKansas Date: 10 May 05 - 02:15 AM The "typosquat" thing has been pretty well known since about 1990, but seems to have made something of a comeback recently. While it's pretty easy to come up with variations on legitimate web addresses that might be frequently mistyped, in most cases there has to be a vulnerability, usually in your browser, that can be exploited to get malware on your machine when you open the "bad page." Most of the recent attempts using this method have been aimed at exploits that only work with OS/browser combinations that are "less than current." There is some opinion that patches on IE and current Windows versions have made them sufficiently less vulnerable that the exploiters are falling back to attacks on older systems. There are still a lot of Win98 users around, and it's been "phased out" so the latest patches are only availabe for "really nasty" stuff. If the apparent current trend continues, it may become really difficult to keep your old machines - with old OS - safe to operate on the web. The most damaging recent exploits tend to rely on expoiting the operating unit in front of the keyboard. There seems to be a real difficulty with programing that system to avoid malware consistently. There's a relatively new name for the problem. They're called "social exploit" methods. John |
|
Subject: RE: Virus Warning - gookle.com From: JohnInKansas Date: 10 May 05 - 08:59 PM As the most closely related thread currently open, it seems appropriate to suggest that ANYONE USING FIREFOX should visit the thread: Tech: FIREFOX USERS CRITICAL ALERT. Within the past few days, Mozilla/Firefox have issued warnings about vulnerabilities found in Firefox. The code for exploiting them has been published on the web. Partial fixes are available, and more will come. Firefox users may have missed the three other security fixes issued recently, and may need to look for updates. This new one is the first Firefox vulnerability to receive an "extremely critical" rating from the AV guys, and you need to pay attention. John |
| Share Thread: |