Jump to content
xisto Community
Sign in to follow this  
Followers 0
SoulFlower

Phishers Play Off Google.com

By SoulFlower, in Security issues & Exploits

Recommended Posts

SoulFlower    0

SoulFlower
Posted

Spyware authors and phishing scammers are using a technique almost as old as the Internet to draw unsuspecting users: Web sites purposefully designed to take advantage of typing errors.
Finnish security firm F-Secure has discovered a site just one letter different than Google.com that when accidentally visited, drops a slew of malicious software on users' PCs.

The site, and several affiliated sites, are registered to various Russian nationals, said F-Secure, which has alerted local authorities.

Visitors who stumble on the site by mistyping google.com are immediately presented with two pop-up windows linked to sites that in turn load executable files exploiting several Windows vulnerabilities. By the time the entire sad episode's over, the machine has been infected with two backdoor components, two Trojans that drop a pair of DLLs onto Windows, a proxy Trojan, a Trojan-style piece of spying that steals bank-related information, and Trojan downloader that can retrieve and install yet more malware.

To top it off, several pieces of less-malicious adware are added to the PC.

The Trojans want to stay put on the machine, said F-Secure, as evidenced by behavior such as modifying the Windows HOSTS file so that connections can't be made to several anti-virus firms' update sites. Some are also extremely cynical, for they cause pop-ups to appear on the screen that scream "VIRUS ALERT! YOUR PC IS INFECTED!" The fake alert includes a link to a site from which users can download various anti-virus and anti-spyware programs.

"The entire model for phishers is to re-route people to malicious Web sites," said Avivah Litan, research director with Gartner. "They've been using this technique for the last 18 months or so. It's definitely primitive -- most phishers have gone on to more sophisticated methods -- but it still works."

Misspelled domains have been used by the scabrous almost since URLs were created. Pornographers were among the first to adopt the tactic of registering domains that are slightly off legitimate sites' spelling, or play off confusion between. .com and .gov.

Whitehouse.com, for instance, was for years the accidental destination of millions who really wanted to visit Whithouse.gov. The simple mistake leads them not to Washington, D.C., but to a porn site that trafficked in "hot interns" and naked "first ladies." The site's owner sold the domain in 2004, saying that he was worried about what his young son would think of his business.

The bottom line, said Gartner's Litan, is that phishers and spyware planters "will try anything" to get victims to sites to steal identities or install malicious software.

"I talked to a major ISP just a couple of days ago," said Litan, who declined to name the Internet provider, "and they told me that they saw as many phishing attacks in the past week as they had in the whole month before.

"Phishing is much more vociferous than anyone believes," said Litan. "There's a tremendous amount of it that's going unreported."

Source : TechWeb


Be carefully from now to always -_-

Share this post

Link to post
Share on other sites

eXtreme    0

eXtreme
Posted

geez we can't never be safe when travelling on the web.. well whatever everyone's already know that..i mean if i make a typo when typing google (something that wouldn't happen me atleast with my PC as google is the home page -_-) i end up filling my system with adware..

Share this post

Link to post
Share on other sites

icemarle    0

icemarle
Posted

Goggle.com (Hehehe)Ahem, yeah I know about those scams. Especially the Whitehouse one. I don't usually type google.com anymore. I use Firefox's built-in search bar. Firefox saves me lots of time. But I'd say that's pretty much an evil way of doing it. Buying domains just for that? Tsk Tsk...

Share this post

Link to post
Share on other sites

wariorpk    0

wariorpk
Posted

This has happened to me before. I was going to a site to see if I didn't have any school, but instead I went to a site that just filled my comp up with spyware. Luckily I had the day off to run a few virus and spyware scans. Thanks for telling everyone.

Share this post

Link to post
Share on other sites

Hamtaro    0

Hamtaro
Posted

I've also seen this before...I was going to go to a Hamtaro fansite, and came across a porn site, accidentally. I forgot a small part of the URL, and it took me there. Who would have thought that I Hamtaro site could take you there? Still, it's no surprise to see someone doing it to Google now. I just don't see why they'd waste their time and money to do that stuff...I guess they're stupid.

Share this post

Link to post
Share on other sites

RGPHNX    0

RGPHNX
Posted

Hi all,THE solution to this phishing scam is to SECURE YOUR HOSTS FILE. That takes care of this type of problem ... once & for all !!!! -_- If they can't find your host file to modify it.. they can't attack your computer using this method.If you can't find info on how to do this.. just PM me & I'll find you a link.Hope this helpsRGPHNX

Share this post

Link to post
Share on other sites

serverph    0

serverph
Posted

thanks for the info. google is prominently bookmarked for me, for one-click access to google. -_- unless it is edited by others as a prank to match the mistyped one above, i won't be visiting that URL. and since i also use firefox, i can also simply use the google search on the search form embedded on the upper right corner of the firefox browser (along with yahoo, ebay, amazon, etc. search).i suggest you guys do the same to protect yourselves. :D sometimes, even an updated virus definitions can't catch the new ones thrown about as you traverse the digital superhighway. :D "an ounce of prevention is worth...", you know the rest. :D

Share this post

Link to post
Share on other sites

Odyssey    0

Odyssey
Posted

Its amazing what people will do to hack your computer. Luckily I got my computer secured with a software and hardware firewall. Just a few years ago, we never has this problem, and now is a huge wide spread problem.I use Mozilla Firefox so luckily I dont get any security breaches with my browser.And as stated above, make sure that you secure your host file found in C:\%systemroot%\System32\drivers\etc\ and that will make sure that you dont get hijacked.

Share this post

Link to post
Share on other sites

sonyguy    0

sonyguy
Posted

That happened to a friend of mine, she had to totally wipe her computer and re-install windows. She typed in some search engines web address wrong, I think it was Dog Pile. I always have firewalls running like Zone Alarm and Microsoft Anti-Spy. Shouldn't be much of a problem for me. Plus I use the embedded search engine for google, e-bay etc. in firefox

Share this post

Link to post
Share on other sites

snlildude87    0

snlildude87
Posted

I have the URL for the site to which this thread is referring, and I've been testing that site at school to see if it works (yes, I know, that's terrible, but it's not my computer :(), and I've found that the site doesn't work anymore...which means good news! :(

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing
×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept