Don't go to gookle!!


bs_texas
05-02-2005, 02:31 PM
Well, if you're in Windows.

http://news.yahoo.com/s/zd/150820
" ... The malicious site, googkle.com, is infested with Trojan droppers, downloaders, backdoors and spyware, and an unsuspecting user only has to visit the page to be at risk of computer hijack attacks, according to a warning from Finnish anti-virus vendor F-Secure Corp. ..."

I wouldn't even go look from linux. :cool:

JayMan8081
05-02-2005, 02:59 PM
Not surprising considering the number of sites that you can misspell when typing in the address and be taken to all kinds of places on the web. Someone just finally decided to use this as a form of attack rather than as an advertising venture for some business.

CptKrf
05-02-2005, 04:06 PM
There is nothing there to hurt a Linux user, although it is a minefield for Redmond OS unfortunates.

I have been using the site as a test data stream as I learn the subtleties of Ethereal. I don't understand most of what they are trying to do since their accesses bounce off my unfamiliar (to them) OS, but I can say that they shovel javascripts by the ton.

Some of the scripts will trigger Firefox but, of course, the packages they are trying to deliver are DOA.

What I don't understand is why ISPs don't put them in an exclusion list.

If you are really paranoid, boot a live CD and go look. Then you are totally safe.

CptKrf

JamminJoeyB
05-02-2005, 04:20 PM
I'll just add an entry to my router to block everything from that domain. I have a couple of windows PCs on my network. That will help keep them out.

On a side note, it might be interesting from a learning standpoint to take the PC I have waiting to be converted to Linux and visit there and see just how much stuff they launch at it.

Sort of a before googkle.com and after googkle.com

It's going to be wiped clean anyway so why not have some fun.

bsm2001
05-02-2005, 04:30 PM
Looks like it's already been killed.

bwkaz
05-02-2005, 06:28 PM
Yes, the affected DNS records were killed on (or perhaps before) April 30 (http://isc.sans.org/diary.php?date=2005-04-30), three days ago. ;)

But the site has been up since right about April 26 (http://isc.sans.org/diary.php?date=2005-04-26)...

(I guess that's what happens when you get your news from Wired... *ducks and runs* :p)

Icarus
05-02-2005, 06:37 PM
Originally posted by bwkaz
Yes, the affected DNS records were killed on (or perhaps before) April 30 (http://isc.sans.org/diary.php?date=2005-04-30), three days ago. ;)

But the site has been up since right about April 26 (http://isc.sans.org/diary.php?date=2005-04-26)...

(I guess that's what happens when you get your news from Wired... *ducks and runs* :p)

Don't worry, this story will be posted on Slashdot within the next couple of days and about the 68th post will mention the site has been offline since the 30th :D

CptKrf
05-02-2005, 10:10 PM
Well, Mule Muffins!, as Colonel Potter would say. They appear to indeed be gone. Now I wish I had captured a bunch more data streams last week.

I don't know why the powers that be have to interfere with an outfit that doesn't cause any important harm. I mean, after all, you can barely tell a working Windows from a worm ridden install and real OS's weren't affected:)

CptKrf

cybertron
05-02-2005, 10:54 PM
Originally posted by CptKrf
Well, Mule Muffins!, as Colonel Potter would say. They appear to indeed be gone. Now I wish I had captured a bunch more data streams last week.

I don't know why the powers that be have to interfere with an outfit that doesn't cause any important harm. I mean, after all, you can barely tell a working Windows from a worm ridden install and real OS's weren't affected:)

CptKrf

Yeah, I was kinda looking forward to using this site as a demonstration of what malware can do for our summer registration exhibit. Oh well.:rolleyes:

CptKrf
05-03-2005, 07:43 PM
Actually, my non-serious comment about them causing no harm to us enlightened OS users is totally false. Every time they capture another Windoze zombie, we get another batch of spam flooding in. So, Win, Lin and Apple users are all bailing out the same lifeboat.

So I guess, "The enemy of my enemy is my friend."

CptKrf

nordinaryspider
05-04-2005, 10:33 AM
More than likely, that's where we got our porn dialer from; my child is a poor speller.

He's also an avid gamer and I'm a Linux newbie (less than 3 months into my journey) but this last incident seems to have him using his Live CDs for web surfing and only using the XP machine offline and as a dial-up ICS server.

Poor kid, no matter what I say he always seems to think it's his fault for checking out new gaming sites.

:(

pinter
05-07-2005, 08:54 PM
I went there with my windows machine and nothing happened. I went with both IE and Firefox.

bwkaz
05-07-2005, 10:42 PM
Define "nothing happened". The site's former DNS provider is no longer hosting that record (and hasn't been, for the last full week), so you should have gotten a "googkle.com could not be found" error. Or something like that.

Icarus
05-07-2005, 11:42 PM
I got a not found, if that's what you mean by nothing happened then it's correct :)

serz
05-08-2005, 03:28 AM
Yeah, when I saw the news it was already killed..