Anti Virus Blog

April 30, 2005

Typo Error Downloads Computer Malware

Filed under: Malware — Administrator @ 2:44 pm

F-Secure has detected a malicious website that takes advantage of a spelling error made when typing the name of the popular search engine ‘Google.com’. If a user opens the malicious website, his/her computer gets hijacked.

The name of the malicious website is ‘Googkle.com’. F-Secure advises users to strictly stay away from this site, since simply accessing it causes a lot of different malware to be automatically downloaded and installed. Trojan droppers, trojan downloaders, backdoors, a proxy trojan and a spying trojan are some of the malware that get installed. A few adware-related files are also installed.

When ‘googkle.com’ is opened in a browser, it shows two popup windows that are linked to ntsearch.com and toolbarpartner.com. The ‘ntsearch.com’ website downloads and runs the ‘pop.chm’ file, and the ‘toolbarpartner.com’ website downloads and runs the ‘ddfs.chm’ file. Both files are downloaded using exploits, and they contain exploits themselves to run embedded executable files. One of the webpages of the ‘toolbarpartner.com’ website downloads a file named ‘pic10.jpg’ using an exploit. This JPG file is actually an executable that replaces the Windows Media Player application.
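On the defensive side, the one-keystroke slip described above (an extra ‘k’ next to the ‘l’ key) can be spotted in proxy or DNS logs. The Python below is an added example, not code from the original post or from F-Secure; it generalizes beyond the article's insertion case to omissions, substitutions and transpositions. The key-geometry table, the function names and every sample hostname other than googkle.com are assumptions made for illustration.

```python
import math

# Simplified QWERTY geometry (assumption): each row with its stagger in key widths.
ROWS = (("qwertyuiop", 0.0), ("asdfghjkl", 0.25), ("zxcvbnm", 0.75))
POS = {c: (i + off, r) for r, (row, off) in enumerate(ROWS) for i, c in enumerate(row)}

def adjacent(a, b):
    """True if two different letters sit on touching keys."""
    return a != b and a in POS and b in POS and math.dist(POS[a], POS[b]) < 1.3

def classify_typo(label, brand):
    """Name the single-edit typo that turns brand into label, or return None."""
    if len(label) == len(brand) + 1:            # one extra character
        for i, ch in enumerate(label):
            if label[:i] + label[i + 1:] == brand:
                near = label[max(i - 1, 0):i] + label[i + 1:i + 2]
                slip = any(adjacent(ch, n) for n in near)
                return "adjacent-key insertion" if slip else "insertion"
    elif len(label) == len(brand) - 1:          # one missing character
        if any(brand[:i] + brand[i + 1:] == label for i in range(len(brand))):
            return "omission"
    elif len(label) == len(brand):
        diff = [i for i in range(len(brand)) if label[i] != brand[i]]
        if len(diff) == 1:
            i = diff[0]
            return ("adjacent-key " if adjacent(label[i], brand[i]) else "") + "substitution"
        if len(diff) == 2 and diff[1] == diff[0] + 1:
            i, j = diff
            if label[i] == brand[j] and label[j] == brand[i]:
                return "transposition"
    return None

def scan(hosts, protected=("google.com",)):
    """Return (host, protected_domain, typo_kind) for each lookalike hostname.
    Assumes the registrable name is the label before a single-label TLD."""
    findings = []
    for host in hosts:
        parts = host.lower().rstrip(".").split(".")
        if len(parts) < 2:
            continue
        label, tld = parts[-2], parts[-1]
        for dom in protected:
            brand, brand_tld = dom.split(".")
            kind = classify_typo(label, brand) if tld == brand_tld else None
            if kind:
                findings.append((host, dom, kind))
    return findings

# Constructed proxy-log hostnames; only googkle.com comes from the article.
SAMPLE_HOSTS = ["www.google.com", "googkle.com", "gogle.com", "goolge.com", "example.org"]
```

Calling `scan(SAMPLE_HOSTS)` reports the three lookalikes and leaves the legitimate hostname and the unrelated domain alone.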
