Google mistype security nightmare
Latest scam throws Trojans at your PC.
By John Dunn | Techworld | Published: 15:19, 29 April 2005
A malicious website is preying on people who mistype Google into their Web browsers.
Anyone who accidentally types "googkle.com" [do NOT attempt this - Ed], an easy-to hit misspelling of the domain name, will find themselves on the receiving end of a nasty cyber-jacking, or "Google-jacking" as perhaps it should be more accurately termed.
The site will automatically install a wide range of malware on to the user’s computer, mostly Trojan-based backdoors, proxies, downloaders, and droppers. Adding insult to digital injury, it also infects a PC with adware. The website will infect Windows PCs using any browser, so this is not simply a problem for Internet Explorer users.
Unearthed by anti-virus company, F-Secure, anyone unlucky enough to find themselves visiting this site will first encounter two pop-up windows which link to the websites ntsearch.com and toolbarpartner.com [again, do NOT visit these sites - Ed]. This starts a chain of infection through which a blizzard of files are downloaded and installed from these and at least one other website.
Once a PC has been infested with this malware, access to named anti-virus companies - Kaspersky, McAfee and Symantec - is also blocked, so users can’t even update their protection. It is not known how many of the malware programs would be blocked by the current versions of leading anti-virus software suites, but it is wise to assume that anyone who has not recently performed an update could be at risk.
One of the Trojan programs is described by F-Secure as attempting to steal online banking information, so the whole scheme appears to be based on financial gain rather than nuisance hacking. The site is believed to be the work of Russian criminals. The domain is listed as being owned by a Sergey Gridasov who gives St Petersburg as his address.
This type of infection scam is not a new phenomenon and has become a common trap for visitors to some porn websites. Since most people don’t usually browse such websites, using a misspelled version of the most visited website on the Internet has to count as a dastardly innovation. Expect more variations on this trick.