Spyware celebrates Google's 13th birthday!
Websense Security Labs™ ThreatSeeker® network has noticed a typosquatting activity targeting google.com. Typosquatting is a popular Internet behavior that generates domain names based upon misspelling famous brand names. It is often abused by scammers to host malware and phishing content on these misspelled domains. Apparently, the Anticybersquatting Consumer Protection Act(ACPA) was enacted in 1999 to fight against any illegal intention of registering or using a domain confusingly similar to a trademark or famous name. As we know, it has been 13 years since Google was founded in1998. Scammers have taken this opportunity to spread spyware through typosquatting on google.com, claiming that you can win an iPad on Google's 13th birthday.
Here is an example of a Google typosquatting: googole.com. Users will happen to get to the fake domain if they mistype google.com.
A pop up window says that:
After you click on the button, you will be redirected to a site that some people may be interested in, hence dropping their guard:
Whether it's a MacBook Air, iPad, or iPhone 4, why not try, as it's free? However, you may be a little disappointed:
On the last page, the file you download reveals its real face on Virustotal detection: 22/42 .
Many other big names such as Facebook and YouTube also suffer from typosquatting; only domain registrars can control the selling of typosquatting domain names. Websense customers are protected by our Advanced Classification Engine - ACE.
An example of YouTube typosquatting: youtue.com
An example of Facebook typosquatting: facebock.com
We believe that cybercriminals wil continue their criminal activities through the abuse of Google's 13th birthday. Be aware of the term when you surf, and we welcome any report of suspicious behavior.