Scammers Target Googlers with Trojan Attack

Prone to typos? Beware. Hackers have revived a once common scam in which they use a URL that contains a misspelled real site to spread malware. The latest targets Google (Nasdaq: GOOG) users with the misspelled "www.googkle.com."

Users can't check it out, even out of curiosity, anymore because it has already been taken down, Mikko Hypponen, director of anti-virus research, F-Secure, told TechNewsWorld.

In the past, users of MSN.com and CNN.com have also been targeted by scams like this. F-Secure, a security firm in Finland, first broke the news of the Trojan this week.

Wide Range of Malware

Hypponen said going to the site was quite dangerous because of the range of malware that resulted and the fact that it would be automatically downloaded to the PC of anyone who visited the malicious site.

"Your PC would completely automatically end up taken over by a wide variety of keyloggers and spyware," he said.

That malware includes Trojan droppers, program that drops Trojan horses or back door Trojans onto computers; Trojan downloaders, which secretly download more malware; backdoors, a proxy Trojan, an application that allows remote hackers to access the Internet through an infected computer; and a spying Trojan, which allows a hacker to monitor user's activities -- including keystrokes -- on an infected computer.

The scammers also included a few adware-related files. The site also blocked access to anti-virus updating.

Don't Fall Prey

Aside from double-checking all typing, Hypponen recommended using bookmarks or avoiding Internet Explorer to prevent accidental exposure to sites such at this one.

"This Web site, as well as a few related Web sites are owned by people with Russian names. Also several malicious files that are downloaded from these Web sites have Russian texts," F-Secure said on its site, adding that it had reported the scam to authorities.

The scam is a sign of the ever more invasive attempts by scammers to find a way into PCs, one analyst said.

"This is a continuation of a trend of increasing spyware infection in the industry," Ed Moyle, president of SecurityCurve, told TechNewsWorld.

"Spyware vendors, to keep pace with both users' increased awareness of spyware and the availability of software to protect against it, are seeking ever-more invasive and aggressive ways of distributing their software," he said. "I think it is only a matter of time before they ratchet the intrusiveness up to the next level."