April 27, 2005 8:51 AM PDT

Scheme preys on people who mistype 'Google.com'

Security researchers have discovered an attack aimed at would-be visitors to Google.com, one that attempts to download malicious programs onto the computers of people who simply mistype the search giant's Web address.

According to security specialist F-Secure, unsuspecting Web surfers may be bombarded with various types of Trojan horse threats, spyware and backdoors when they go to "Googkle.com." The scheme is meant to take advantage of sloppy or hurried typists, given that on most keyboards the letter "k" key sits next to the "l" needed to type "Google."

Google representatives said the company had no comment on the matter for the time being.

In the past, the company appears to have made moves to protect its users against mistyping errors. If a person puts an extra "o" in Google's URL, they are simply redirected to the company's homepage. On the other hand, if someone mistakenly adds a fourth "o" to Google, they are directed to USseek.com, a Web portal that offers pop-up advertising for an online casino.

In an advisory, F-Secure strongly advises people not to go to Googkle.com. People who do so will see two pop-ups linked to Web sites that install the Trojan programs. One of the programs is a phishing-style Trojan that attempts to garner individuals' online banking information, while another drops phony antivirus alerts on the victim's desktop that attempt to lure people to other infected Web sites.

While relatively low-tech in terms of its social engineering, the URL mistype attack is an approach that has long been incorporated by many different kinds of Internet opportunists, from legitimate companies trying to steal traffic from their rivals or simply piggyback on the success of larger companies, to criminals looking to misrepresent themselves and trick consumers into handing over personal data.

In one of the most famous instances of URL deception, the site hosted at Whitehouse.com for several years was an advertisement for pornography, not a link to the office of the president, whose official site is Whitehouse.gov.

41 comments

Join the conversation!
Add your comment
trojans?
Sheesh, get a Mac. Unbelievable that your OS wouldn't protect you any better...
Posted by (1 comment )
Reply Link Flag
Do you even know what a trojan is?
Or more specifically that any OS can suffer the effects of a trojan because of the nature of how they work by tricking the user. Heres a thought. Read up and understand what you are posting about before you shoot off your mouth.
Posted by Jonathan (832 comments )
Link Flag
No Thanks
You want me to "switch" and invest my hard earn money to that arrogant & greedy Mr. Jobs and his gang? No thanks, I will pass :)
Posted by 201293546946733175101343322673 (722 comments )
Link Flag
Or if you want a computer...
just install Firefox. The reason why there's no trojans for macs is because trojans exist to get people's information - so you need a large number of USERS. Oh and they need to have bank accounts.
Posted by sanenazok (3449 comments )
Reply Link Flag
I really enjoy your comedy!
I find this statement extremely amusing! Would you consider 25
Million users a large number? Viruses are written by mainly
teenage kids... are they brilliant... or just copying and pasting
readily available code and distributing it.. In addition, wouldn't
you think it would be a major accomplishment to write a virus
for a UNIX based OS? Perhaps its too difficult... why waste your
time failing when a simple web page could infect a windows os.
Keep thinking that way!!!
Posted by (24 comments )
Link Flag
FireFox, huh?
I can't wait to see how "secure" FireFox is......oh, maybe I should say "how FireFox users "think" FireFox is secure" :)
Posted by 201293546946733175101343322673 (722 comments )
Link Flag
Enjoyment is a two-way street
There's a difference between an OS and a browser, did you hear about that? It's not Windows that gets infected, but rather IE, and only if you let it. There are security holes and viruses for the Mac, it's just nobody bothers to distribute them, because they won't run on PC's. Duhhh
Posted by sanenazok (3449 comments )
Reply Link Flag
Ok... If there are viruses for OS X
Please name one....
Posted by (24 comments )
Link Flag
IE == Windows
Perhaps, but IE is so integrated into the Windows OS that
infecting IE can practically devistate the system. Using a
browser like Firefox (which is separate from the OS) or any
browser in Mac OS X, all of which are separate from the OS, will
limit the chance of any virus/spyware/malware being able to do
any real damage to your OS.

However, as secure as Mac OS X is, it still won't protect users
from phishing schemes. That protection falls solely on the user.
Posted by quantum0726 (10 comments )
Link Flag
I See
So you think you are the only person in the world to know the differences between an OS and a browser? Give me a break :)
Posted by 201293546946733175101343322673 (722 comments )
Link Flag
Nope. Using Firefox with the new popup extension
Oh you are talking about the idiots still using IE. Sorry.
Posted by Jonathan (832 comments )
Reply Link Flag
Hmmm..
Right or wrong, you will always be on the losing side of the argument when you accuse an overwhelming majority of the people of being "idiots." Lets leave the blame on the hackers, not the users. I won't call people "idiots" for using standard locks on their doors.... even though they can be easily picked.
Posted by David Arbogast (1709 comments )
Link Flag
I can't wait....
For XPI-based malware. Then, I'll post a comment saying "Nope. Using Opera", with the content being "Oh you are talking about the idiots still using Firefux. Sorry."
Posted by TimeBomb (70 comments )
Link Flag
Hi Smart Cookie
If you want to be a smart ass, so be it, but just because you know how to use FireFox does not mean you are SMARTER :)
Posted by 201293546946733175101343322673 (722 comments )
Link Flag
i support googkle
so long as it helps rid the internet of people who can't spell. especially a simple word like google. now if the website in question was electroencephalogram.com or floccinaucinihilipilification.net then i suppose i'd see it as a problem
Posted by Sam Papelbon (242 comments )
Reply Link Flag
I agree
(Warning, the following statement is full of sarcasm)
And right after this site gets rid of the people who can't spell, maybe they can move on to the people who don't use proper capitalization and spell everything in lowercase! Then it could move on to other grammatical errors people make weeding them out little by little until you can't make any errors in typing a URL without getting a virus. Because everyone knows that people who can't spell is such a HUGE plague terrorizing everyone on the internet.
(End of sarcasm)

Anyways, the thought of supporting someone who puts viruses on people's computers just because they happen to type a 'k' in the name of google, or any other grammar errors in any website, is completely retarded.
Posted by Bryan Bartlett (14 comments )
Link Flag
Just Use Bookmark
Why not just put google in the bookmart or simply set it as the home page? For people who do not know how to spell, this is a good tip for you all :)
Posted by 201293546946733175101343322673 (722 comments )
Link Flag
There is a difference between not being able to spell and a typo.
Do you really not understand the difference?
Posted by pcLoadLetter (395 comments )
Link Flag
A Rose by any other name....
It's straight from Symantec, you have to look beyond the name.

Remember, don't judge a book by its cover.
Posted by sanenazok (3449 comments )
Reply Link Flag
How is this Even LEGAL??
I donĀ“t get it. How is this even legal? and if so why do we let stuff like this exist! I am so sick and tired of having to deal with viruses,trojans and spam. There should be heavy laws against this stuff with serious jail time!!! Everyone complains, you see it on CNN, but the end result is nothing. Why do we give free reign to these theives??
Posted by (1 comment )
Reply Link Flag
why?
Because they're hard to catch.
Posted by (84 comments )
Link Flag
Then don't deal with it
Viri and worms are easy to avoid. Use a good AV program, and don't use IE.

Spyware is easy to avoid, Use a good spyware blocker and don't use IE.

Spam is easy to avoid, don't spread your email address around, and use a alternate address if you need to give it to some site and think you might get spammed. A hotmail account is perfect for this, what else would anyone use hotmail for besides a junk repository?

Phishing scams are easy to avoid. Don't be stupid.

I use Firefox, AVG anti-virus, Zone-Alarm pro, Spybots tea timer, and scan once a week with spybot and Ad-aware. I am careful who gets my address, even cnet only has my spam address. I haven't got any spyware in months, I have never gotten a virus or worm, and haven't seen a bit of spam in well over a year.

Of course, all this effort should not be necessary, I don't have to worry about any of this on my linux install. No, don't bother trying to claim that linux is only safer because it isn't 'popular', that myth has been debunked countless times and will only make you look like an idiot.
Posted by pcLoadLetter (395 comments )
Link Flag
Legality in an internet world
First off, the internet isn't in just the US, it is around the world. Therefore, it is subject to not only one set of laws, but many. Even if the US tried to get these trojan horse makers and make them pay for the damage they cause to the thousands of computers each year, all they have to do is move there server to a country to a place with laxer laws, hookup there server to the internet, and they are back online and out of the grasp of the US legal system. It is a shame, but thats life. Now, if only we can get the UN to try to come up with an "Internet Treaty" that allows the home country of users who get damaged by trojan horses to be able to go after the trjan horse makers. That would stop things. Besides, I don't use Internet Exploder (I mean Explorer) anymore unless I am downloading something I want to specifically download from either CNET or another source.
Posted by james.grimes (58 comments )
Link Flag
Site is already down
Checked it out, with my mac of course!
Posted by Gerald Quaglia (72 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.