The Latest in IT Security

Spyware celebrates Google’s 13th birthday!

11
May
2011

Websense Security Labs® ThreatSeeker® network has noticed a typosquatting activity targeting google.com. Typosquatting is a popular Internet behavior that generates domain names based upon misspelling famous brand names. It is often abused by scammers to host malware and phishing content on these misspelled domains. Apparently, the Anticybersquatting Consumer Protection Act(ACPA)  was enacted in 1999 to fight against any illegal intention of registering or using a domain confusingly similar to a trademark or famous name. As we know, it has been 13 years since Google was founded in1998. Scammers have taken this opportunity to spread spyware through typosquatting on google.com, claiming that you can win an iPad on Google's 13th birthday.

 

Here is an example of a Google typosquatting: googole.com. Users will happen to get to the fake domain if they mistype google.com.

 

A pop up window says that:

 

 

After you click on the button, you will be redirected  to a site that some people may be interested in, hence dropping their guard:

Whether it's a MacBook Air, iPad, or iPhone 4, why not try, as it's free? However, you may be a little disappointed:

 

On the last page, the file you download reveals its real face on Virustotal detection: 22/42 .

 

Many other big names such as Facebook and YouTube also suffer from typosquatting; only domain registrars can control the selling of typosquatting domain names. Websense customers are protected by our Advanced Classification Engine – ACE.

 

An example of YouTube typosquatting: youtue.com

 

An example of Facebook typosquatting: facebock.com

 

 

We believe that cybercriminals wil continue their criminal activities through the abuse of Google's 13th birthday. Be aware of the term  when you surf, and we welcome any report of suspicious behavior.

Leave a reply


Categories

MONDAY, SEPTEMBER 25, 2017

Featured

Archives

Latest Comments

Social Networks