Google Alert

Discussion in 'NOD32 version 2 Forum' started by jlo, Apr 26, 2005.

Thread Status:
Not open for further replies.
  1. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Hi,

    Just read a worrying report regarding spyware and trojan being added if you mistype the Google address? More info here http://www.f-secure.com/v-descs/googkle.shtml

    Does Eset protect against this yet? I am not going to even attempt to visit the mistyped Google site :)

    Cheers

    Jlo
     
  2. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Pop ups are blocked by IMON.


    tECHNODROME
     


  3. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    That's great to know.

    You are braver than me clicking on the link :)

    Many Thanks

    Jlo
     
  4. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    Nice! Cheers :D
     
  5. Happy Bytes

    Happy Bytes Guest

    I'm investigating this site right now :ninja:
     
  6. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    New Avatar? Nice:)
    PoopScan :) xa xa xa
     
  7. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    That's one nasty site - it has 4 trojan/hijackers that I found in a very cursory scan of the HTML - all of which appeared to be blocked by my hosts file, let alone NOD32.

    Nothing managed to get through my hosts file to the NOD32 I run - although without a very extensive hosts file, I'm sure they would have...

    I'm sure Happy Bytes will provide a more in-depth analysis, and although I'm no security expert, I can see that this site has the potential to be nailing many, many, MANY googlers with finger trouble!

    The site itself is hosted on an EV1.net (Houston, TX) IP address and is registered to someone out of St. Petersburg in Russia... if anyone knows someone at EV1.net, it might be worth sending them a quick email... who knows.. it might (should) get pulled for a while....
     
  8. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    Good to hear, Happy! :D While the threats at this site are being looked into, how about a quick update that adds this URL to the "Website access blocking" list? This could have been done as soon as this threat was reported and then the individual threats that lurk there could be addressed... just my thoughts, and maybe it's already been done or there is more to it than that...
     

    Attached Files:

    • imon.JPG
      File size:
      10.9 KB
      Views:
      392
  9. ShunterAlhena

    ShunterAlhena Registered Member

    Joined:
    Aug 1, 2004
    Posts:
    134
    Location:
    Szigethalom, Hungary
    You know, Internet Explorer is the brave men's browser! A true surfer doesn't fear adware, spyware and viruses, but rushes into the fray unprotected!! :D
    My Firefox didn't even let the popups open, so nothing happened, I saw a "clean" webpage. IE6 (with XP SP2) kept on "clicking" (making the popup blocked sound) for minutes, then passed a file to FlashGet for download. IMON terminated another hazard. It's clicking even now, I'll post back if it does anything.

    Bottom line: if I didn't know that this site is malicious, I wouldn't have been harmed anyway. After IMON kills a file off a site I won't download anything :S Go Eset!

    And I think lee1276 is right, this would be a great time to unveil Website Blocking's powers :D
     
  10. Mystique

    Mystique Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    33
    Thanks so much for sharing this info. I read it in this thread here and I straight away informed people to warn them. I am not brave enough either to click on the site itself although I was tempted to :rolleyes: . I use Firefox as my browser and I use the built in search bar (which includes yahoo and google) which is very very handy. Saves my fingers from wandering about and misspelling. This is an easy mistake to do with google being so popular a search engine. It is sad that some folks choose to prey on people like this. Surely they can't get away with this for long. o_O
     
  11. Mike415

    Mike415 Registered Member

    Joined:
    Mar 13, 2005
    Posts:
    42
    Using Opera and Admuncher, nothing happened. Admuncher says it blocked a webbug and blocked activity when leaving the page.
     
  12. ghost2003

    ghost2003 Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    13
  13. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    but it has the other sites mentioned at the f-secure page [I think]...
    ntsearch.com and all, yes?
     
  14. ghost2003

    ghost2003 Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    13
    Ya, it does, I should have read the whole page first :-/
     
  15. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Damn, I missed out on the fun. I tried going to googkle.com with MSIE on an unpatched WinXP Pro SP-2 system, no AV, no AT, no firewall, and the site seems to be down. :(
     
    Last edited: Apr 26, 2005
  16. Hard Rocker

    Hard Rocker Registered Member

    Joined:
    Jan 27, 2005
    Posts:
    258
    Location:
    Quebec, CANADA
    :) Thanks for the heads up Jlo. I enjoyed the article as well !! :cool:
     
  17. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    All links go through to CWS, and my hosts file refuses connection.

    Cheers :D
     

    Attached Files:

    • CWS.JPG
      File size:
      9.4 KB
      Views:
      242
  18. rumpstah

    rumpstah Registered Member

    Joined:
    Mar 19, 2003
    Posts:
    486
    I just let it go on one of my test boxes. It sounds like a ticker tape gone awry. ;)

    I wonder how infected it will be in about 8 hours. :eek:
     
  19. rumpstah

    rumpstah Registered Member

    Joined:
    Mar 19, 2003
    Posts:
    486
    Just do a refresh (it did the same to me) and listen to the fun. :cool:

     
  20. Elray

    Elray Registered Member

    Joined:
    Oct 10, 2004
    Posts:
    95
    Location:
    Rural Queensland, Australia
    Well Blackspear! How cool is that? Wish you lived in my neck of the woods and could teach me how to do that. Love this forum.....but I will err on the side of caution and keep well away from the danger zone.

    Elray :doubt:
     
  21. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Pretty cool, I love my defences :D


    LOL, ahhh but I do, you and I are part of Wilders, a great place to learn :D To learn what I use and for what purpose just take a look here, you will see what I consider “Tight Security”, and if you want to go down that track take one piece of software at a time, ask about it, install it, know how to maintain it, and then move on to the next piece of software. In order for me to use a piece of software it must be simple to use and maintain, or it gets the flick quick smart ;) :D


    That is a good thing, until at least you are very confident in your security, and that security is layered, and part of that security includes imaging and confidence in the backup of your data.

    Cheers :D
     
  22. Elray

    Elray Registered Member

    Joined:
    Oct 10, 2004
    Posts:
    95
    Location:
    Rural Queensland, Australia
    Thanks for the link - makes good reading. Won't keep intruding on this thread - suffice it to say that I probably fall into the middle ground of your security suggestions. I'll study up on the rest!

    Elray.
     