Language Selection

English French German Italian Portuguese Spanish

Beware How You Google

Filed under
Web

A simple misspelling of Google's domain name could lead to a Web surfer's worst nightmare.

In a new twist to the old practice of "typosquatting," virus writers have registered a slight variation of Google Inc.'s popular search-engine site to take advantage of any users who botch the spelling of the google.com URL.

The malicious site, googkle.com, is infested with Trojan droppers, downloaders, backdoors and spyware, and an unsuspecting user only has to visit the page to be at risk of computer hijack attacks, according to a warning from Finnish anti-virus vendor F-Secure Corp.

When googkle.com is opened in a browser, two pop-up windows are immediately launched with redirects to third-party sites loaded with scripts. One of the sites, ntsearch.com, downloads and runs a "pop.chm" file, and the other, toolbarpartner.com, downloads and runs a "ddfs.chm" file, F-Secure said.

"Both files are downloaded using exploits and they contain exploits themselves to run embedded executable files. One of the Web pages of the 'toolbarpartner.com' website downloads a file named 'pic10.jpg' using an exploit. This JPG file is actually an executable that replaces [the] Windows Media Player application," the warning reads.

The typosquatters also launch a steady stream of pop-up Web pages with different .exe files.

One batch of exploits loads a malware package that includes two backdoors, two Trojan droppers, a proxy Trojan, a spying Trojan and a Trojan downloader.

It is not yet clear if the attack vector takes advantage of an unpatched version of Microsoft Corp.'s Internet Explorer. Redmond officials could not be reached for comment.

Full Story.

More in Tux Machines

Open source licensing: What every technologist should know

If you’re a software developer today, you know how to use open source software, but do you know how and why open source licensing started? A little background will help you understand how and why the licenses work the way they do. Read more

Kali Linux 2017.2 Release

We are happy to announce the release of Kali Linux 2017.2, available now for your downloading pleasure. This release is a roll-up of all updates and fixes since our 2017.1 release in April. In tangible terms, if you were to install Kali from your 2017.1 ISO, after logging in to the desktop and running ‘apt update && apt full-upgrade’, you would be faced with something similiar to this daunting message: Read more Also: Kali Linux 2017.2 Released With New Hacking Tools — Download ISO And Torrent Files Here

Open source-based business lessons from a seasoned CEO

The default now is to build from open and in the open. So that's a positive. The downside is that by open source being the default, we may be getting a little lazy. If you remember back 5-10 years, open sourcing was a big deal, and it forced a level of rigor that may have led, in some cases, to founders and early investors taking better approaches to building their company—for example, shifting towards SaaS wherever possible, in part because of the ability to demonstrate clear value versus their own open source. Read more

Keeping up with advances in open source database administration

The world of open source databases is rapidly evolving. It seems like every day brings a new release of an open source technology that might make a database administrator's life easier, if only he or she knew about it. Fortunately, there are many ways to stay on top of what's going on with open source database technology. One such way is the Percona Live Open Source Database Conference, taking place next week in Dublin, Ireland. We've covered Percona Live before, and invite you to take a look back at some of our previous stories. From IoT to big data to working with the cloud, there's plenty to keep up with. Here are a look at a couple of the sessions you might enjoy, as described by the speakers. Read more