Personal Tech Pipeline | Spyware, Phishers Play Off Google.com

White Papers

Sponsor Resources

WebCasts
Free Newsletter GlossaryContact UsAbout Us
Players & CamsPhones & PDAsHome & AutoOnline

April 26, 2005

Spyware, Phishers Play Off Google.com



Courtesy of TechWeb News

Spyware authors and phishing scammers are using a technique almost as old as the Internet to draw unsuspecting users: Web sites purposefully designed to take advantage of typing errors.

Finnish security firm F-Secure has discovered a site just one letter different than Google.com that when accidentally visited, drops a slew of malicious software on users' PCs.

The site, and several affiliated sites, are registered to various Russian nationals, said F-Secure, which has alerted local authorities.

Visitors who stumble on the site by mistyping google.com are immediately presented with two pop-up windows linked to sites that in turn load executable files exploiting several Windows vulnerabilities. By the time the entire sad episode's over, the machine has been infected with two backdoor components, two Trojans that drop a pair of DLLs onto Windows, a proxy Trojan, a Trojan-style piece of spying that steals bank-related information, and Trojan downloader that can retrieve and install yet more malware.

To top it off, several pieces of less-malicious adware are added to the PC.

The Trojans want to stay put on the machine, said F-Secure, as evidenced by behavior such as modifying the Windows HOSTS file so that connections can't be made to several anti-virus firms' update sites. Some are also extremely cynical, for they cause pop-ups to appear on the screen that scream "VIRUS ALERT! YOUR PC IS INFECTED!" The fake alert includes a link to a site from which users can download various anti-virus and anti-spyware programs.

"The entire model for phishers is to re-route people to malicious Web sites," said Avivah Litan, research director with Gartner. "They've been using this technique for the last 18 months or so. It's definitely primitive -- most phishers have gone on to more sophisticated methods -- but it still works."

Misspelled domains have been used by the scabrous almost since URLs were created. Pornographers were among the first to adopt the tactic of registering domains that are slightly off legitimate sites' spelling, or play off confusion between. .com and .gov.

Whitehouse.com, for instance, was for years the accidental destination of millions who really wanted to visit Whithouse.gov. The simple mistake leads them not to Washington, D.C., but to a porn site that trafficked in "hot interns" and naked "first ladies." The site's owner sold the domain in 2004, saying that he was worried about what his young son would think of his business.

The bottom line, said Gartner's Litan, is that phishers and spyware planters "will try anything" to get victims to sites to steal identities or install malicious software.

"I talked to a major ISP just a couple of days ago," said Litan, who declined to name the Internet provider, "and they told me that they saw as many phishing attacks in the past week as they had in the whole month before.

"Phishing is much more vociferous than anyone believes," said Litan. "There's a tremendous amount of it that's going unreported."

E-mail This Story
Print This Story
Reprint This Story




Get the latest Personal Tech news, product info, and trends every week.


Related Content

  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Main RSS Feed
  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Blog RSS Feed



Keeping Up To Date On Enterprise Server Tech?
Review our compilation of columns on server security, database software, and Linux issues.
How to Achieve High Performance Through IT
Learn to achieve high performance by aligning IT to
strategic objectives and solutions to unlock that value.
Using Current Performance to Shape
Future Results

Hear new strategies for improving business
performance and results.

Editor's Picks

Well, Microsoft has "unfolded" its "Origami" ultra-mobile PC platform Thursday. It turned out to be a full-featured PC smaller than a tablet but bigger than a PDA. Are you impressed?
Yes! I want one!
Sort of. We'll see.
No! It's too big for a pocket and too small for real computing. What's the point?


In search of personal tech products? See our new Product Finder, where you'll find personal computing devices, communications solutions, security products, and more.



PERSONAL TECH PIPELINE MARKETPLACE (sponsored links)
Symantec Backup Solutions
Desktop to Data Center Protection. Explore the Official Symantec Site.

ibm.com Business sale
through March 31 save 10% on select IBM eServer� IntelliStation� and xSeries� Express models, 5% on select warranty products, 10% on IBM Certified Used Equipment including notebooks and desktops and 70% on Storage Enterprise Server (2105-800P)

Save Big On IBM Certified Used Equipment
IBM Quality at a fraction of the price of new! IBM Certified Used Equipment provides access to a broad selection of used IBM systems, upgrades and features, including newer equipment. All systems are factory-refurbished with a 3-month guarantee.

Buy, Sell or Rent Used Cisco Equip-Save up to 85%
Digital Warehouse buys, sells, & rents used Cisco networking hardware such as routers & switches, as well as Juniper, Extreme & Foundry at 50-80% off list price. One year warrantee and fast delivery.

Flexible Anti-Spam Solution - CanIt-PRO
Stop spam on your terms with CanIt-PRO, the most flexible and customizable anti-spam solution available for the mail server. Offers per-user or per-group controls and is available as software or hardware appliance.


Buy a Link Now


Top ten search terms from the TechWeb TechEncyclopedia
Stellent eSeminar "Approaches to Metadata Design" on March 23
Mobilized Solutions Guide: Find and compare solutions for your business
Top Requested White Paper Categories from TechWeb White paper Library
Top ten search terms from the TechWeb TechEncyclopedia