-
May 26th, 2005, 11:04 AM
#1
Google.com vs goggle.com
Hello All,
I made the mistake of typing http://www.gmail.goggle.com (do try it yourself) as I was trying to access my GMail account and what I got is attached.
Looks like a honeypot to me but it claims to be a la Ad Aware and Spybot S&D. I tried googling the site but no information was available on the URL. The product program is advertised as SpyBouncer.
Anybody ever checked this one out? Having been had by paretologic's XofSpy, I've become leery of this one, too. Nope, didn't try it out.
The file associated with the site that asks the user to download and install is sbsetpup.exe. When I Googled the filename, there are many, including those pertinent to hardware installers. Now, that makes the file more suspicious!
What makes unsuspecting newbies latch on to this one is the "warning" box. What's funny about this is, when you really parse the "Warning! SpyBouncer can detect if Your PC is Infected with Adware or Spyware that is installed!", the ironic message--being warned of its claimed capability. It sounds like "Warning! You'd get stuffed if you eat burgers!"
I don't intend to download the file but just as well, I might as well put this as a notification or a possible heads-up.
[BTW, I searched AO and found 17 topics citing the word "goggle" but in the context of Google search/usage... all are likewise outdated.]
Cheers to all!
-Goitz
Si vis pacem, para bellum!
-
May 26th, 2005, 11:18 AM
#2
Looks somewhat similar to this post on my blog. The design of the site looks very similar to the one I found. Eh. I'll download it and install it (deliberately infect my machine) to see what it fully does and report back here.
-
May 26th, 2005, 11:22 AM
#3
This really isn't anything new... malicious sites have been registering common typos for a while now. There was a cuffufle about www.googkle.com (or something similar) which took advantage of the IE auto-install feature (users' trust of software which they did not verify) and installed spyware on user's computer.
In general, any typo which refers you to a domain like that is either some search site earning pay-per-click, or advertising malicious software.
Government is like fire - a handy servant, but a dangerous master - George Washington
Government is not reason, it is not eloquence - it is force. - George Washington.
Join the UnError community!
-
May 26th, 2005, 11:42 AM
#4
For those interested, this is a good source:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
It lists products that use questionable marketing methods and/or their products are not up to standard.
-
May 26th, 2005, 12:23 PM
#5
I visited the website and was told that I was 'infected' with 125 pieces of spyware! *GASP* Oh my!!!
Let's see who is hosting the site:
Registrant:
Knowledge Associates (QJIZOVOYUD)
PMB # 308 94 Gardiners Avenue
Levittown, NY 11756-3753
US
Domain Name: GOGGLE.COM
Administrative Contact, Technical Contact:
Knowledge Associates (23982285O) knowledgeassoc@yahoo.com
PMB # 308 94 Gardiners Avenue
Levittown, NY 11756-3753
US
(800) 795-0571 fax: 123 123 1234
Record expires on 13-Feb-2012.
Record created on 14-Nov-2003.
Database last updated on 26-May-2005 07:14:24 EDT.
Domain servers in listed order:
NS1.DATAPIPE.NET 64.27.65.13
NS2.DATAPIPE.NET 64.27.64.76
So a postal box. Nothing new there. A search on Knowledge Associates brings up a lot of other things but nothing on this user specifically. Ok. So download the file and install.
Installing and running the program was certainly interesting. During the install the program made requests to go to two sites: 64.94.110.11 and 12.158.80.10. Both of these are crl.verisign.com (the only reason that I can see is to do a connection for payment). Once installed I ran it. It didn't download anything (a bit of a change from other "FUDware programs) but it claimed I had 25 infected files. (as a side note, I couldn't resize their window..)
Did you know that Sygate Firewall is a trojan!?!?! *GASP* (all four identifiers of trojans pointed to Sygate). And some fiend installed eDonkey (not that I could find any trace of it.) Like a lot of these kinds of FUDware, they "detect" things that aren't even on the system, "misdetect" legit things or install the malware so that you'd be "impressed" with their abilities and buy the product.
This is, of course, just a detection tool. If I wanted to protect myself further, then I'd have to purchase it (and for a mere $9.95 more I can get a "backup CD"). I doesn't do any worse but it does certainly does fit the description of FUDware.
-
May 26th, 2005, 12:43 PM
#6
Hi MsM, this is interesting, the outfit also goes by the name of SRC Technologies:
http://spywarewarrior.com/viewtopic.php?t=4634&start=30
The tests are pretty comprehensive
-
May 26th, 2005, 01:25 PM
#7
[Slightly off topic injection]
Why bother typing www.gmail.google.com .. just type www.gmail.com {gmail then Ctrl+Enter}.. and it will redirect you to the sign in page .. with zero-chance for being mistyping as you will type less .....
\"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts\".....Spaf
Everytime I learn a new thing, I discover how ignorant I am.- ... Black Cluster
-
May 26th, 2005, 01:58 PM
#8
Thanks, BC.
Now, I found another shortcut; this time to URL accessing.
Si vis pacem, para bellum!
-
May 26th, 2005, 03:21 PM
#9
Gasp! MsMittens has the XXX toolbar...Naughty!
Sex is like \"Social Security\". You get a little each month, but it\'s not enough to live on.
-
May 26th, 2005, 03:28 PM
#10
MsMittens has the XXX toolbar...Naughty!
LOL.. ya... That was apparently the Beta Version of Open Office. Go figure!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|