May 11, 2011

Spyware celebrates Google's 13th birthday!

Ran Qiong

Websense Security Labs™ ThreatSeeker® network has noticed a typosquatting activity targeting google.com. Typosquatting is a popular Internet behavior that generates domain names based upon misspelling famous brand names. It is often abused by scammers to host malware and phishing content on these misspelled domains. Apparently, the Anticybersquatting Consumer Protection Act(ACPA)  was enacted in 1999 to fight against any illegal intention of registering or using a domain confusingly similar to a trademark or famous name. As we know, it has been 13 years since Google was founded in1998. Scammers have taken this opportunity to spread spyware through typosquatting on google.com, claiming that you can win an iPad on Google's 13th birthday. 

Here is an example of a Google typosquatting: googole.com. Users will happen to get to the fake domain if they mistype google.com. 

A pop up window says that: 


After you click on the button, you will be redirected  to a site that some people may be interested in, hence dropping their guard:


Whether it's a MacBook Air, iPad, or iPhone 4, why not try, as it's free? However, you may be a little disappointed:

On the last page, the file you download reveals its real face on Virustotal detection: 22/42 .


Many other big names such as Facebook and YouTube also suffer from typosquatting; only domain registrars can control the selling of typosquatting domain names. Websense customers are protected by our Advanced Classification Engine - ACE.


An example of YouTube typosquatting: youtue.com


An example of Facebook typosquatting: facebock.com 


We believe that cybercriminals wil continue their criminal activities through the abuse of Google's 13th birthday. Be aware of the term  when you surf, and we welcome any report of suspicious behavior.

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.