Scheme preys on people who mistype 'Google.com'

By Matt Hines, News.com
Posted on ZDNet News: Apr 27, 2005 3:51:00 PM

Security researchers have discovered an attack aimed at would-be visitors to Google.com, one that attempts to download malicious programs onto the computers of people who simply mistype the search giant's Web address.

According to security specialist F-Secure, unsuspecting Web surfers may be bombarded with various types of Trojan horse threats, spyware and backdoors when they go to "Googkle.com." The scheme is meant to take advantage of sloppy or hurried typists, given that on most keyboards the letter "k" key sits next to the "l" needed to type "Google."

Google representatives said the company had no comment on the matter for the time being.

In the past, the company appears to have made moves to protect its users against mistyping errors. If a person puts an extra "o" in Google's URL, they are simply redirected to the company's homepage. On the other hand, if someone mistakenly adds a fourth "o" to Google, they are directed to USseek.com, a Web portal that offers pop-up advertising for an online casino.

In an advisory, F-Secure strongly advises people not to go to Googkle.com. People who do so will see two pop-ups linked to Web sites that install the Trojan programs. One of the programs is a phishing-style Trojan that attempts to garner individuals' online banking information, while another drops phony antivirus alerts on the victim's desktop that attempt to lure people to other infected Web sites.

While relatively low-tech in terms of its social engineering, the URL mistype attack is an approach that has long been incorporated by many different kinds of Internet opportunists, from legitimate companies trying to steal traffic from their rivals or simply piggyback on the success of larger companies, to criminals looking to misrepresent themselves and trick consumers into handing over personal data.

In one of the most famous instances of URL deception, the site hosted at Whitehouse.com for several years was an advertisement for pornography, not a link to the office of the president, whose official site is Whitehouse.gov.

SponsoredWhite Papers, Webcasts, and Downloads

Talkback
Most Recent of 129 Talkback(s)

Thread View
Flat View

Message has been deleted.: (Read the rest); Posted by: vapor13@... Posted on: 04/27/05 (Edited: 07/26/2007 @ 06:19) You are currently: Logged In | Log out

Bad user, no cookie! Real World | 04/27/05

True, but the 3rd line of defense does not exist within Windows. Xunil_Sierutuf | 04/27/05

But with Longhorn... nucrash | 04/27/05

But with Longhorn ????? sometime | 04/28/05

it does? JoeMama_z | 04/27/05

Russian muffia AGAIN shfy70 | 04/27/05

On the other hand..... cicuta | 04/27/05

MUFFIA is just as appropriate... roo_z | 04/27/05

yeah, wouldnt it be kgb? lol linuxoverwindows | 04/28/05

Russians? walterreads@... | 04/27/05

profiling? linuxoverwindows | 04/28/05

wow way to be tolerant buddy ilyaalt | 04/27/05

Ping googkle.com and do a safe browse... Uncle Buck | 04/28/05

How do you identify those pesky Russki's G Fedorchuk | 05/10/05

Google not alone amaughan | 04/27/05

micorsoft.com gregry | 04/27/05

another one to try on firefox linuxoverwindows | 04/27/05

tried googkle.com on firefox... linuxoverwindows | 04/28/05

And of course ... coffeenite | 04/27/05

Don't type www.ahead.com for Nero either jlfose@... | 04/27/05

i think i went there before looking for nero... linuxoverwindows | 04/27/05

An ounce of prevention Neil Parks | 04/27/05

Still? gregry | 04/27/05

it can be done at the root server level, i believe... linuxoverwindows | 04/27/05

DNS isn't centralized. Atmos42 | 04/27/05

(Still?) It's not the DNS walterreads@... | 04/27/05

i think... linuxoverwindows | 04/28/05

The bad guys OWN the domain name. bugmenotznet | 04/27/05

Jusut lerrn to tipe porpperly. pmajon | 04/27/05

typng barry@... | 04/27/05

Typing Carrion | 04/27/05

Shows to go you Squawkbox | 04/27/05

eye wander... linuxoverwindows | 04/28/05

How do I get rid of this crap sjf@... | 04/27/05

to sjf to get rid of history crap bobboinsani | 04/27/05

Try This Squawkbox | 04/27/05

it almost sounds like... linuxoverwindows | 04/28/05

Desktop problem milton@... | 04/27/05

An easy solution RealAusTech | 04/27/05

i dont know if you are joking, but ... linuxoverwindows | 04/28/05

RE: How do I get rid of this crap LaSenorita | 04/28/05

Good program edbytes@... | 04/28/05

Bad tYpnig alfamale | 04/27/05

Don't type www.ahead.com for Nero either vapor13@... | 04/27/05

Adaware's TeaTimer linuxoverwindows | 04/28/05

Fat-finger that URL papatator | 04/27/05

but... linuxoverwindows | 04/28/05

RE: Russian Muffia vapor13@... | 04/27/05

google gen linuxoverwindows | 04/28/05

dont think ive ever mistyped gooogle... linuxoverwindows | 04/27/05

Firefox gregry | 04/27/05

well, for this test... linuxoverwindows | 04/28/05

Message has been deleted. vapor13@... | 04/27/05

A good reminder. jgkov | 04/27/05

Disagree ibabadur1 | 04/27/05

as much as we may want to can't blame bill for this 1 ToughT | 04/27/05

well... linuxoverwindows | 04/28/05

Same song Ted Bundy | 04/27/05

it depends... linuxoverwindows | 04/28/05

protect our own safety? linuxoverwindows | 04/28/05

RE: How do I get rid of this crap vapor13@... | 04/27/05

haxxZol - Thanks dfarrich@... | 04/27/05

How many people... Reverend MacFellow | 04/27/05

Only Interner Explorer users. High Sierra | 04/27/05

i went, of course :P linuxoverwindows | 04/28/05

RE: How many people... vapor13@... | 04/27/05

aww, come on ... linuxoverwindows | 04/28/05

Revoke the domain owners rights deepee912 | 04/27/05

RE: Revoke the domain owners rights Tellco | 04/28/05

hell, microsoft didnt even need this much reason linuxoverwindows | 04/28/05

Safe with Firefox electro@... | 04/27/05

googkle or googkle.com? linuxoverwindows | 04/28/05

Don't type goggle.com or goggle,ca dwilder@... | 04/27/05

just a disclaimer linuxoverwindows | 04/28/05

Windows XP Service Pack 2 cathiemontana | 04/27/05

Several possibilities RealAusTech | 04/27/05

Problems with XP SP2? bobjones68@... | 04/28/05

cdburner linuxoverwindows | 04/28/05

bu-bu-whaaaaa? linuxoverwindows | 04/28/05

type google only once! elvee | 04/27/05

or better yet... linuxoverwindows | 04/28/05

Why pick on Russia? Virupa | 04/27/05

that will work linuxoverwindows | 04/28/05

Judge not... Gyaunt | 04/27/05

Re: Judge not... dkmke | 04/27/05

who? linuxoverwindows | 04/28/05

mixed information linuxoverwindows | 04/28/05

Good point G Fedorchuk | 05/10/05

Don't Think You're Safe Using Firefox! Sugarat_z | 04/27/05

Even Firefox on OS/2? n3jja | 04/27/05

lmao - but dont forget linux :P linuxoverwindows | 04/28/05

Oh yes, I'm safe cburneci@... | 04/28/05

which os? linuxoverwindows | 04/28/05

In the words of Walt Mossberg... Linux_Developer | 05/02/05

mistyping Google murrysc@... | 04/27/05

not me, i get too rushed linuxoverwindows | 04/28/05

Should use Unix or Linux on the Web pebear | 04/27/05

More issue about mistype Paulo_z | 04/27/05

Sorry my mistake! Paulo_z | 04/27/05

Make a shortcut or bookmark renwickd@... | 04/27/05

popups salemgrad | 04/27/05

ad-aware and spybot linuxoverwindows | 04/28/05

WFS is real and spreading! You may be next flan4u | 04/27/05

fat finger Ted Bundy | 04/27/05

bigger keyboards linuxoverwindows | 04/28/05

Use a Google Toolbar.. Problem Solved G_S | 04/27/05

bah! linuxoverwindows | 04/28/05

Easy & Permanent Fix(for Windows users)!! kelt686 | 04/27/05

or.. linuxoverwindows | 04/28/05

MAKE THE INTENT TO INSTALL MALICIOUS SOFTWARE A CRIME DRLDEV | 04/28/05

Give them time... Tellco | 04/28/05

well... linuxoverwindows | 04/28/05

My Password s_gamgee | 04/28/05

strange password... linuxoverwindows | 04/28/05

Google.com DJR1085@... | 04/28/05

one wierd thing... linuxoverwindows | 04/28/05

Goggle is another form LaSenorita | 04/28/05

Win Xp SP 2 LaSenorita | 04/28/05

Windows XP SP2 and Internet Explorer johnnybluenote | 04/28/05

how brown is your nose? linuxoverwindows | 04/28/05

Change home page AZson | 04/28/05

Wow, spell check for addressing FilledOut | 04/28/05

My 2 cents jp_z | 04/28/05

how can you even... linuxoverwindows | 04/30/05

how about be done with it Maartje | 04/30/05

Whitehouse.com martin.blundell@... | 05/03/05

a novel approach raymondftz | 05/05/05

Watch out for www with no dot just1vet | 01/19/06

What do you think?

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SponsoredWhite Papers, Webcasts, and Downloads

BNET Industries
Check out BNET's newest resource for managers and executives. Need to do research on your competitors? Don't have time to read every trade pub? BNET Industries is the new source for daily news, insights, and research on 11 major industries and 9,000 public companies.
The technology industry from a different angle
See what's hot in the auto industry
Stay on top of the energy industry