MyCERT Advisories


MyCERT Advisories, Alerts and Summaries for the year 2005

MA-091.042005: MyCERT Special Alert: Mass Malicious Website - googkle.com

Original Issue Date: 28th April 2005

MyCERT received information from trusted sources regarding a malicious website whose registered domain might be entered by mistake when misspelling the address of the famous search engine, Google.com.

The name of the malicious website is 'Googkle.com'. Users are warned NOT TO VISIT THE WEBSITE: visiting the malicious site will install about 49 pieces of malware (trojan droppers, trojan downloaders, backdoors, a proxy trojan, a spying trojan and adware) on the victim's machine. It also uses the local hosts file to block access to popular anti-virus websites, and offers a link to a website that sells AV and anti-spyware tools with the slogan "We help people"... No comment.

System Administrators are advised to check their DNS cache records for any recent lookups by users that match "googkle", and then check and rectify the (likely) infected workstations that made them.
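
One way to carry out this check, as an added example that is not part of the MyCERT advisory: the script lists the clients that looked up any name containing "googkle" and flags hosts-file entries that point a non-local name at a loopback address. It assumes DNS query logging in BIND 9 query-log style; the sample log, sample hosts file and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in BIND 9 query-log style (assumed log format).
SAMPLE_DNS_LOG = """\
28-Apr-2005 10:15:02.123 queries: info: client 192.168.1.23#1045: query: www.googkle.com IN A +
28-Apr-2005 10:15:09.870 queries: info: client 192.168.1.40#1101: query: www.google.com IN A +
28-Apr-2005 10:16:44.002 queries: info: client 192.168.1.57#1230: query: GOOGKLE.COM IN A +
28-Apr-2005 10:17:01.530 queries: info: client 192.168.1.23#1046: query: googkle.com IN A +
"""

# Constructed hosts file; av-vendor.example stands in for a real anti-virus site.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   www.av-vendor.example update.av-vendor.example  # added by malware
# 127.0.0.1 commented.example
10.0.0.5    intranet.example
"""

QUERY_RE = re.compile(r"client (\d{1,3}(?:\.\d{1,3}){3})#\d+.*?query: (\S+) IN ")
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}  # loopback and null addresses
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def clients_resolving(log_text, needle="googkle"):
    """Map client IP -> sorted list of queried names containing `needle`."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and needle in m.group(2).lower():
            hits[m.group(1)].add(m.group(2).lower().rstrip("."))
    return {ip: sorted(names) for ip, names in hits.items()}

def blocked_hosts(hosts_text):
    """Return non-local hostnames that a hosts file points at a loopback/null address."""
    blocked = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2 and fields[0] in LOOPBACK:
            blocked += [h.lower() for h in fields[1:] if h.lower() not in LOCAL_NAMES]
    return blocked

if __name__ == "__main__":
    for ip, names in sorted(clients_resolving(SAMPLE_DNS_LOG).items()):
        print(f"{ip} resolved {', '.join(names)} -> inspect this workstation")
    print("hosts entries sent to loopback:", blocked_hosts(SAMPLE_HOSTS))
```

Legitimate ad-blocking or test entries in a hosts file will also be flagged, so review each hit before removing it.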

More information is available at:

  1. SANS
    http://isc.sans.org/

  2. F-Secure
    http://europe.f-secure.com/v-descs/googkle.shtml

Please take serious note of this alert in order to prevent any unwanted incidents.

MyCERT can be reached for assistance at:

Web: http://www.mycert.org.my
Email:
Tel: 03-89961901
Fax: 03-89960827
SMS: 019-2813801