Security Basics mailing list archives

goggle.com spyware
From: Murad Talukdar <talukdar_m () subway com>
Date: Mon, 18 Dec 2006 11:11:12 +1000


Hi,
Has anyone had any experience of dealing with a site (and subsequent spyware)
that is called goggle.com? i.e. close enough to google.com for people to
mis-type.

It seemed to hijack a user's desktop background (replaced the Internet
Explorer background) and shut down IE6 but then nothing after that. From what
I've read, there should have been a slew of popups and then some other
malware loaded onto the machine - I'd like to think that the popup blocker,
sec settings and our AV s/w did the job, but would like to verify that.

No mass popup proliferation nor does there appear to be any strange
processes running and no other viral type activity. Have run Spybot and
HijackThis with only a single line seemingly suspect - that of bmnet.dll
implying a broken internet, which appears to be related to the Vodafone
mobile connect wireless card the user has. It appears to be part of the LSP
which handles connections thru the card.

The machine is patched (running XP2).
Does Firefox or IE7 have any feature to prevent the mis-typing of sites? I
saw a demo of IE7 which gave a rating to the site and double checked it
before allowing access and wondered whether it covered this type of
activity.

 


