MA-091.042005: MyCERT Special Alert: Mass Malicious Website - googkle.com
Original Issue Date: 28th April 2005
MyCERT received information from trusted sources regarding a malicious website with a registered domain that might be entered as a spelling error for the famous search engine, Google.com.
The name of the malicious website is 'Googkle.com'. Users are warned NOT TO VISIT THE WEBSITE as visiting the malicious site will install about 49 pieces of trojan droppers, trojan downloaders, backdoors, a proxy trojan, a spying trojan and adware in the victim's machine and uses the local hosts file to block access to popular anti-virus websites and offers a link to a website that sells AV and anti-spyware tools with the slogan "We help people"... No comment.
System Administrators are advised to check on their DNS cache records whether any users have resolved anything that matches "googkle" recently, and then check/rectify the (likely) infected workstations.
More information is available at:
Pls take serious note of this alert in order to prevent any unwanted incidents.
MyCERT can be reached for assistance at: