Difference between revisions of "Goggle"
|  (Created page with "center|600px  '''Goggle''' was a ''typosquating'' domain that was registered in 1998.  Around 2004, '''Goggle''' became a site that preyed on Windows 95 users who were still using that operating system because they were too cheap to upgrade to Windows XP.  ==Typosquating?==  Typosquatting is a type of social engineering attack which targets internet users who incorrectly type a URL into their web browser rather than using a search engine. Typically, i...") | |||
| Line 8: | Line 8: | ||
| ==What Happened?== | ==What Happened?== | ||
| [[File:goggleexpoit.png|right|450px]] | |||
| Back in 2004, you were probably too cheap to upgrade your OS and browser. Because you were so cheap, you were probably using something stupid like Windows 98 coupled with Internet Explorer. Then you decided to visit '''Goggle.'''  when you meant to type '''Google''' into your address bar.  Once this happened, you were treated with a bevy of malware, adware, trojans, scareware, ransomeware, and spyware.  In layman's terms, you were '''shit outta luck.''' | |||
| Additionally, you got pop up ads that drove you insane.  But that was just the start.  While you were furiously clicking the '''X''' button to shut down the pop ups, because that is what everybody did back in those days, Goggle was using an exploit that was within the Windows operating system at the time. | |||
| ==The Windows Metafile Exploit== | |||
| First off, the microsoft guys who thought up the Windows metafile format were idiots. Secondly, I am sure they thought nobody would ever think to do what malicious coders might do... | |||
| '''.WMF''' files were an image file that, when opened, executed a bunch of commands in the background.  One of these commands was the '''gdi32.dll''' file that had the job of communicating with printers.  It also had a huge vulnerability. This vulnerability allowed the .dll to execute '''ANY''' Windows command. | |||
| We aren't talking about opening your CD tray to make it a cup holder anymore.  This exploit was dangerous. | |||
| Basically, any person who clicked on an image, would begin a vicious cycle where the image would cause a ton of files to be downloaded in the background without the person's knowledge.   | |||
| ==In Action== | |||
| {{Q|It's going to start displaying various pop-up (ads) and it's going to start tracing your privacy information and potentially start stealing that.}} | |||
| Some examples... | |||
| ===Myspace=== | |||
| Researchers at iDefense this week identified a banner advertisement on MySpace.com that uses a Windows security vulnerability to download spyware onto an unpatched PC, another sign that cybercriminals quickly are catching on to the social networking site's massive popularity.<ref>https://www.scmagazine.com/news/content/malicious-myspace-banner-downloads-spyware-in-latest-social-networking-attack</ref> | |||
| ===Deckoutyourdeck=== | |||
| More than 1 million users of MySpace.com and other Web sites may have been infected with adware spread by a banner advertisement, according to iDefense, a computer security group. The advertisement, for a site called deckoutyourdeck.com, appeared in user profiles on MySpace, an online community with at least 70 million users, said Ken Dunham, director of the rapid response team at iDefense, which is owned by VeriSign Inc. The ad exploits a problem in the way Microsoft Corp.'s Internet Explorer browser handles Windows Metafile (WMF) image files.<ref>https://www.helpnetsecurity.com/2006/07/20/protecting-myspace-users-against-ad-based-exploits/</ref> | |||
| ===Washington Post=== | |||
| Unpatched Internet Explorer users who visited the websites that displayed the malicious banners would become infected by a Trojan horse. The Trojan would then download and install spyware that tracks the infected machine's web usage and displays pop-up ads. Thanks to the nature of the security flaw and the way Trojan horse's work, the malicious activity would go unnoticed by the user.<ref>https://hothardware.com/news/spyware-infected-millions-via-hacked-ad-on-myspace</ref> | |||
| ==SpySheriff== | |||
| Remember all of those pop up advertisements you were furiously clicking to get rid of?  Well '''Goggle''' had a ''coup de grace'' ready for your dumb ass if you were stupid enough to click on any of them.  This final blow was SpySherif. | |||
| '''SpySheriff''' was a malware program that disguised itself as antivirus software. Once you got yourself out of the Goggle fog and thought that you were back onto the normal internet, SpySherif would start popping up a control panel that explained how many viruses, trojans, and other vulnerabilities you were now subjected to. | |||
| People stupid enough to go to Goggle were also stupid enough to give SpySheriff access to further access to Windows administrative permissions.  SpySheriff would edit registry keys to the point where it was part of the Windows operating system.  Once done, internet access was no longer possible unless you wished to only view the SpySheriff website. | |||
| SpySheriff also fucked with you by: | |||
| *Creating new administrator accounts | |||
| *Fuck with your system volume | |||
| *Do crazy shit with your preferences | |||
| *Change your wallpaper to something icky | |||
| *Turn off System Restore | |||
| *Crash your PC if you tried to uninstall it | |||
| *Eventually make your PC unusable | |||
| ==Windows Vista== | |||
| As much as everybody shit all over Vista, it actually patched the Windows Metafile Exploit. | |||
| ==References== | |||
| <references /> | |||
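Review bot: in the added "The Windows Metafile Exploit" section, the sentence "One of these commands was the '''gdi32.dll''' file" describes a DLL as a command; reword it so that gdi32.dll is the library that processed the image, and state which behaviour was the flaw. The same revision spells the malware both "SpySheriff" and "SpySherif", writes "ransomeware" and "typosquating", and names the victim OS as Windows 95 in the page summary but Windows 98 under "What Happened?"; settle on one form of each before saving.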
Revision as of 01:31, 20 March 2023
Goggle was a typosquatting domain that was registered in 1998. Around 2004, Goggle became a site that preyed on Windows 95 users who were still using that operating system because they were too cheap to upgrade to Windows XP.
Typosquatting?
Typosquatting is a type of social engineering attack which targets internet users who incorrectly type a URL into their web browser rather than using a search engine. Typically, it involves tricking users into visiting malicious websites with URLs that are common misspellings of legitimate websites.
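The lookalike relationship described above can be checked from the defender's side. The following is an added example, not part of the original page: it flags DNS queries whose registrable name is one typing slip away from a protected domain. The log format, the PROTECTED list and the sample lines are assumptions constructed for illustration.

```python
# Added example: flag DNS queries whose registrable name is one edit away
# from a protected domain. Log format and PROTECTED list are assumptions.
PROTECTED = ["google.com"]

# Constructed sample resolver log lines (not real telemetry).
SAMPLE_LOG = """\
10:00:01 client=10.0.0.5 query=mail.google.com
10:00:07 client=10.0.0.9 query=www.goggle.com
10:00:12 client=10.0.0.9 query=googel.com
10:00:15 client=10.0.0.7 query=example.org
10:00:21 client=10.0.0.5 query=google.cm
"""

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "el" typed for "le".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]

def queried_hosts(log_text):
    """Pull the query= field out of each log line."""
    return [f.split("=", 1)[1] for line in log_text.splitlines()
            for f in line.split() if f.startswith("query=")]

def find_typosquats(hosts, protected=PROTECTED, max_distance=1):
    """Return (host, protected_domain, distance) for near-miss names only."""
    hits = []
    for host in hosts:
        # Naive registrable name: last two labels (ignores multi-label suffixes).
        name = ".".join(host.lower().rstrip(".").split(".")[-2:])
        for brand in protected:
            d = osa_distance(name, brand)
            if 0 < d <= max_distance:  # distance 0 is the real site
                hits.append((host, brand, d))
    return hits

if __name__ == "__main__":
    for host, brand, d in find_typosquats(queried_hosts(SAMPLE_LOG)):
        print(f"{host}: {d} edit(s) from {brand}")
```

Short protected names produce false positives at distance 1, so a real deployment would pair this with an allowlist of known-good neighbours.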
What Happened?
Back in 2004, you were probably too cheap to upgrade your OS and browser. Because you were so cheap, you were probably using something stupid like Windows 98 coupled with Internet Explorer. Then you decided to visit Goggle when you meant to type Google into your address bar. Once this happened, you were treated with a bevy of malware, adware, trojans, scareware, ransomware, and spyware. In layman's terms, you were shit outta luck.
Additionally, you got pop up ads that drove you insane. But that was just the start. While you were furiously clicking the X button to shut down the pop ups, because that is what everybody did back in those days, Goggle was using an exploit that was within the Windows operating system at the time.
The Windows Metafile Exploit
First off, the Microsoft guys who thought up the Windows metafile format were idiots. Secondly, I am sure they thought nobody would ever think to do what malicious coders might do...
.WMF files were image files that, when opened, executed a bunch of commands in the background. One of these commands was the gdi32.dll file that had the job of communicating with printers. It also had a huge vulnerability. This vulnerability allowed the .dll to execute ANY Windows command.
We aren't talking about opening your CD tray to make it a cup holder anymore. This exploit was dangerous.
Basically, any person who clicked on an image would begin a vicious cycle where the image would cause a ton of files to be downloaded in the background without the person's knowledge.
In Action
Some examples...
Myspace
Researchers at iDefense this week identified a banner advertisement on MySpace.com that uses a Windows security vulnerability to download spyware onto an unpatched PC, another sign that cybercriminals quickly are catching on to the social networking site's massive popularity.[1]
Deckoutyourdeck
More than 1 million users of MySpace.com and other Web sites may have been infected with adware spread by a banner advertisement, according to iDefense, a computer security group. The advertisement, for a site called deckoutyourdeck.com, appeared in user profiles on MySpace, an online community with at least 70 million users, said Ken Dunham, director of the rapid response team at iDefense, which is owned by VeriSign Inc. The ad exploits a problem in the way Microsoft Corp.'s Internet Explorer browser handles Windows Metafile (WMF) image files.[2]
Washington Post
Unpatched Internet Explorer users who visited the websites that displayed the malicious banners would become infected by a Trojan horse. The Trojan would then download and install spyware that tracks the infected machine's web usage and displays pop-up ads. Thanks to the nature of the security flaw and the way Trojan horses work, the malicious activity would go unnoticed by the user.[3]
SpySheriff
Remember all of those pop up advertisements you were furiously clicking to get rid of? Well, Goggle had a coup de grace ready for your dumb ass if you were stupid enough to click on any of them. This final blow was SpySheriff.
SpySheriff was a malware program that disguised itself as antivirus software. Once you got yourself out of the Goggle fog and thought that you were back onto the normal internet, SpySheriff would start popping up a control panel that explained how many viruses, trojans, and other vulnerabilities you were now subjected to.
People stupid enough to go to Goggle were also stupid enough to give SpySheriff further access to Windows administrative permissions. SpySheriff would edit registry keys to the point where it was part of the Windows operating system. Once done, internet access was no longer possible unless you wished to only view the SpySheriff website.
SpySheriff also fucked with you by:
- Creating new administrator accounts
- Fucking with your system volume
- Doing crazy shit with your preferences
- Changing your wallpaper to something icky
- Turning off System Restore
- Crashing your PC if you tried to uninstall it
- Eventually making your PC unusable
Windows Vista
As much as everybody shit all over Vista, it actually patched the Windows Metafile Exploit.



