dinowuff
April 28th, 2005, 01:44 PM
From SANS: http://isc.sans.org/diary.php
Reader Alan Phelps wrote in this morning to alert us to a malicious site that has registered a domain that might be entered as a typo for google.com. DO NOT VISIT THIS SITE! Visiting this site installs about 49 pieces of spyware, uses the local hosts file to block access to popular anti-virus websites, and offers a link to a website that sells AV and anti-spyware tools with the slogan "We help people"... No comment.
Administrators might want to do a quick check on their DNS cache records to see if any users have resolved anything matching "googkle" lately, and then have field support visit the (likely) infested workstations.
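The two checks the quoted diary entry points to, as an added example that is not part of the original post or the SANS diary: finding clients that resolved a name matching "googkle", and spotting hosts-file entries that override anti-virus sites. The log line format (`timestamp client name`), the sample data and the watched vendor domains are constructed assumptions; substitute your resolver's export format and your own vendor list.

```python
import re
from collections import defaultdict

TYPO_RE = re.compile(r"googkle", re.IGNORECASE)  # string named in the diary entry

def suspect_clients(dns_log_text):
    """Map client IP -> sorted names it resolved that match the typo pattern.
    Assumed line format: '<timestamp> <client_ip> <queried_name>'."""
    hits = defaultdict(set)
    for line in dns_log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # skip blank or malformed lines
        client, name = fields[1], fields[2].lower().rstrip(".")
        if TYPO_RE.search(name):
            hits[client].add(name)
    return {c: sorted(n) for c, n in hits.items()}

def hosts_overrides(hosts_text, watched_domains):
    """Return (ip, name) for every hosts-file entry that pins a watched
    domain or one of its subdomains to a fixed address."""
    found = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        for name in names:
            n = name.lower().rstrip(".")
            if any(n == d or n.endswith("." + d) for d in watched_domains):
                found.append((ip, n))
    return found

# Constructed sample data, not taken from a real network or infected host.
SAMPLE_DNS_LOG = """\
2005-04-28T09:12:03 10.0.4.17 www.google.com
2005-04-28T09:12:41 10.0.4.22 www.googkle.com
2005-04-28T09:13:02 10.0.4.22 GOOGKLE.com.
2005-04-28T09:15:10 10.0.4.31 mail.example.org
"""
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 www.av-vendor.example   # constructed entry
0.0.0.0 update.av-vendor.example download.other-av.example
# 127.0.0.1 commented.av-vendor.example
"""
WATCHED = {"av-vendor.example", "other-av.example"}  # placeholder vendor list

if __name__ == "__main__":
    print(suspect_clients(SAMPLE_DNS_LOG))
    print(hosts_overrides(SAMPLE_HOSTS, WATCHED))
```

Clients returned by `suspect_clients` are the workstations to visit; running `hosts_overrides` against each one's hosts file confirms whether the blocking entries are present.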