Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Google.com vs goggle.com

  1. #1

    Question Google.com vs goggle.com

    Hello All,


    I made the mistake of typing http://www.gmail.goggle.com (do try it yourself) as I was trying to access my GMail account and what I got is attached.

    Looks like a honeypot to me but it claims to be a la Ad Aware and Spybot S&D. I tried googling the site but no information was available on the URL. The product program is advertised as SpyBouncer.

    Anybody ever checked this one out? Having been had by paretologic's XofSpy, I've become leery of this one, too. Nope, didn't try it out.

    The file associated with the site that asks the user to download and install is sbsetpup.exe. When I Googled the filename, there are many, including those pertinent to hardware installers. Now, that makes the file more suspicious!

    What makes unsuspecting newbies latch on to this one is the "warning" box. What's funny about this is, when you really parse the "Warning! SpyBouncer can detect if Your PC is Infected with Adware or Spyware that is installed!", the ironic message--being warned of its claimed capability. It sounds like "Warning! You'd get stuffed if you eat burgers!"

    I don't intend to download the file but just as well, I might as well put this as a notification or a possible heads-up.

    [BTW, I searched AO and found 17 topics citing the word "goggle" but in the context of Google search/usage... all are likewise outdated.]

    Cheers to all!

    -Goitz
    Si vis pacem, para bellum!

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Looks somewhat similar to this post on my blog. The design of the site looks very similar to the one I found. Eh. I'll download it and install it (deliberately infect my machine) to see what it fully does and report back here.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    This really isn't anything new... malicious sites have been registering common typos for a while now. There was a cuffufle about www.googkle.com (or something similar) which took advantage of the IE auto-install feature (users' trust of software which they did not verify) and installed spyware on user's computer.

    In general, any typo which refers you to a domain like that is either some search site earning pay-per-click, or advertising malicious software.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    For those interested, this is a good source:

    http://www.spywarewarrior.com/rogue_anti-spyware.htm

    It lists products that use questionable marketing methods and/or their products are not up to standard.


  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    I visited the website and was told that I was 'infected' with 125 pieces of spyware! *GASP* Oh my!!!

    Let's see who is hosting the site:

    Registrant:
    Knowledge Associates (QJIZOVOYUD)
    PMB # 308 94 Gardiners Avenue
    Levittown, NY 11756-3753
    US

    Domain Name: GOGGLE.COM

    Administrative Contact, Technical Contact:
    Knowledge Associates (23982285O) knowledgeassoc@yahoo.com
    PMB # 308 94 Gardiners Avenue
    Levittown, NY 11756-3753
    US
    (800) 795-0571 fax: 123 123 1234

    Record expires on 13-Feb-2012.
    Record created on 14-Nov-2003.
    Database last updated on 26-May-2005 07:14:24 EDT.

    Domain servers in listed order:

    NS1.DATAPIPE.NET 64.27.65.13
    NS2.DATAPIPE.NET 64.27.64.76
    So a postal box. Nothing new there. A search on Knowledge Associates brings up a lot of other things but nothing on this user specifically. Ok. So download the file and install.

    Installing and running the program was certainly interesting. During the install the program made requests to go to two sites: 64.94.110.11 and 12.158.80.10. Both of these are crl.verisign.com (the only reason that I can see is to do a connection for payment). Once installed I ran it. It didn't download anything (a bit of a change from other "FUDware programs) but it claimed I had 25 infected files. (as a side note, I couldn't resize their window..)

    Did you know that Sygate Firewall is a trojan!?!?! *GASP* (all four identifiers of trojans pointed to Sygate). And some fiend installed eDonkey (not that I could find any trace of it.) Like a lot of these kinds of FUDware, they "detect" things that aren't even on the system, "misdetect" legit things or install the malware so that you'd be "impressed" with their abilities and buy the product.

    This is, of course, just a detection tool. If I wanted to protect myself further, then I'd have to purchase it (and for a mere $9.95 more I can get a "backup CD"). I doesn't do any worse but it does certainly does fit the description of FUDware.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi MsM, this is interesting, the outfit also goes by the name of SRC Technologies:

    http://spywarewarrior.com/viewtopic.php?t=4634&start=30

    The tests are pretty comprehensive

  7. #7
    In And Above Man Black Cluster's Avatar
    Join Date
    Feb 2005
    Posts
    912
    [Slightly off topic injection]

    Why bother typing www.gmail.google.com .. just type www.gmail.com {gmail then Ctrl+Enter}.. and it will redirect you to the sign in page .. with zero-chance for being mistyping as you will type less .....
    \"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts\".....Spaf
    Everytime I learn a new thing, I discover how ignorant I am.- ... Black Cluster

  8. #8
    Thanks, BC.

    Now, I found another shortcut; this time to URL accessing.
    Si vis pacem, para bellum!

  9. #9
    Senior Member
    Join Date
    May 2002
    Posts
    256
    Gasp! MsMittens has the XXX toolbar...Naughty!
    Sex is like \"Social Security\". You get a little each month, but it\'s not enough to live on.

  10. #10
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    MsMittens has the XXX toolbar...Naughty!
    LOL.. ya... That was apparently the Beta Version of Open Office. Go figure!
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •