Security Basics mailing list archives
goggle.com spyware
From: Murad Talukdar <talukdar_m () subway com>
Date: Mon, 18 Dec 2006 11:11:12 +1000
Hi,

Has anyone had any experience of dealing with a site (and subsequent spyware) that is called goggle.com? I.e. close enough to google.com for people to mis-type. It seemed to hijack a user's desktop background (replaced the Internet Explorer background) and shut down IE6, but then nothing after that. From what I've read, there should have been a slew of popups and then some other malware loaded onto the machine. I'd like to think that the popup blocker, sec settings and our AV s/w did the job, but would like to verify that. No mass popup proliferation, nor do there appear to be any strange processes running, and no other viral type activity.

Have run Spybot and HijackThis with only a single line seemingly suspect: that of bmnet.dll, implying a broken internet, which appears to be related to the Vodafone Mobile Connect wireless card the user has. It appears to be part of the LSP which handles connections through the card. The machine is patched (running XP2).

Does Firefox or IE7 have any feature to prevent the mis-typing of sites? I saw a demo of IE7 which gave a rating to the site and double-checked it before allowing access, and wondered whether it covered this type of activity.