Note: Goggle.com is currently being leeched. Standby for updates.
Update (Ivan, 16 November 2005 11:40:51)
Update (X10, 16 November 2005 18:10:41)
Upon entering www.goggle.com, the user will be greeted with this pop-up (if the ActiveX options are activated):
If the ActiveX is triggered, then it will install the SpyBouncer, a rogue antispyware.
And another pop-up will appear, which when clicked will install the Spyspotter from his location: http://download.spyspotter.com/spyspotter/spsp2995310.01noopt/spyspotterwebinstall.exe. (Spyspotter is another rogue antispyware.)
In classic case of social engineering to fool the user, the site displays an animation where it pretends to scan the user’s system for spyware. And if ActiveX is not enabled, you will be notified by your browser of this ActiveX scripting attempt (tested on Internet Explorer 6.0)
And when you click that scanning portion, or the “Click Here” hyperlink, you will be prompted to Open or Save the installer file from: http://www.spybouncer.com/gsetup.exe
There are also other advertisements in the site:
This is the one of them:
This will lead the user to: http://www.dvdwizardpro.com/index.html (no auto installations here)
And here’s another one:
Which will lead the user to: http://www.errorguard.com/index-rev.html?a=714-23
In the continuing thrust for aggressive advertising by spyware groups, their clients and their affiliates, sites like these have been born. Continually preying on unsuspecting users… To err is human after all, and if those errors could bring them the profit they want, then they’re doing it.
Note: Thanks to Maria Patricia Revilla for checking with our spyware cleanup process.
続きを読む