RealTime IT News

Google Typo Crashes Systems

Spyware authors and phishing fraudsters yanked an old scam out of the playbook Wednesday by directing malicious code at Internet users who may be prone to typing or spelling deficiencies, according to security researchers.

Finnish security firm F-Secure said they discovered an attack aimed at Web surfers attempting to land on Google's homepage, but who may have mistyped the Web address.

Internet users who punch in "Googkle.com" are treated to a host malicious code, as the computer gets slammed with a heap of the unwanted software that is automatically downloaded and installed. The malware includes: Trojan droppers, Trojan downloaders, backdoors, a proxy Trojan and a spying Trojan. A few adware-related files are also installed, the firm said.

"Our investigation revealed that the whole infection starts from the 'googkle.com' Web site. This Web site, as well as a few related Web sites are owned by people with Russian names. Also, several malicious files that are downloaded from these Web sites have Russian texts," F-Secure said in a statement.

When "googkle.com" opens in a browser, it shows two popup windows that are linked to several Web sites, F-Secure said. The first popup reveals a phishing-style Trojan that requests individuals' online banking information. The other deposits phony antivirus alerts on the desktop and attempts to pull victims into other infected sites.

The phony alert is created by changing an HTML file on the desktop that allows the user to click on the notice. It leads the victim to 'topantivirus.biz,' which in turn provides links to other Web sites, according to F-Secure.