What Happens To Your Computer if You Mispell Google.com

Sun, 21 Jan 2007 11:41:44 GMT
by pdp

That's for real, people. Don't try this at home! Leave it to the professionals.

The attack surface of Web technologies has dramatically increased over the past couple of years. It is not only about Web applications. Today we explore client-side technologies, which also play a big part in the Web security game.

This footage, although a little bit dramatized, is not that far from the truth. If you go online with an unprotected browser, it is almost guaranteed that you will get hacked in a matter of hours. Exploit code for various IE and FF bugs is easily accessible on the net today. With a few modifications, this code can reach a user base greater than any worm has ever achieved. That's mainly because Web technologies are highly accessible. Think about it: RSS feeds, splogging, AJAX worms, dark SEO...

Let's imagine for a second what the impact would be if the Samy worm had shipped with the infamous IE VML exploit, for example. Here is what Samy says about his worm:

I have hit 1,000,000+ users. In less than 20 hours, I've hit over 1/35th of all myspace users. Every request is from a unique, living, and logged in user. I refresh once more and now see nothing but a message that my profile is down for maintenance. I messed up... I'll never get caught. I'm Popular.

1,000,000+ users in less than 20 hours. That's something. Even if only 1% of them are visiting MySpace with vulnerable IE, we are already talking about 10,000 users. That's about the average botnet size, as reported here:

In its latest annual Internet threat report, Cupertino, Calif.-based security giant Symantec Corp. reported that the average botnet size was around 10,500 machines. Washingtonpost

We all know that the number of vulnerable IE browsers visiting MySpace is much higher.

Where does this leave us? Well, security professionals are still fighting on the front line. Sure, we disclose vulnerabilities that can be used to do bad things, but this is done on purpose and in fact mostly done to fix the bloody thing and make it more secure.

Archived Comments

DaveK
Fell down laffing :) That's the funniest vid I've seen in ages!
Super Pedant Man
“mispell”? NICE ONE LOL
you are kidding
You are kidding of course, right? Stay unpatched and you deserve to be hacked regardless of the platform you're using. And back to our regular program...
dan
Very cool video, but now I'm afraid of using the internet. ;)
Randall M
Thanks pdp for your work.
pdp
thanks man, I am glad that u like the stuff that we talk about here
Bob
Nothing happens when I go to http://www.goggle.nl/. I think this is a joke
pdp
Why goggle.nl? Try goggle.com!
Justin Case
OMG that computer got *** a thousand times but that only works with IE not firefox right? has anyone been brave enough to try it with IE?? just to see if it's true...
pagvac
Bob, try installing XP on a test computer (without patching it), and go to goggle.com using IE 6 running with administrative privileges and tell me what happens. :-D lol pdp, keep the funnies coming!
bobdole
I only had a WinXP SP2 vm laying around. There are no patches beyond the default SP2 install CD install. Sorry to disappoint, but it didn't work for me. That means IF it is using any exploits they can not have been released in the last year or so. Yes the site hosts pop-up ads, and after I said to allow all popup ads from the site I got ONE, but nothing else happened. It's possible when the video was made that one of the ads itself was hosting malicious content, but still... someone else needs to actually try and verify this since I doubt it very very much (I'm not saying there aren't sites out there like that, it's my job to find them, I'm just saying that this is just normal typo-squatting by a normal ad service)
pdp
bobdole, you might be right. As far as I know this footage was circulating the net for quite some time now. I am not sure how old it is nor whether it is real or not. However, it depicts something that is absolutely possible.
MustLive
Nice video :-). It's all about Windows and IE. And guys try to not misspell google.com. For example, I use google.com.ua and usually use my internal Mozilla's search functions (with selected Google search engine). And by the way, pdp, "misspell" with double "s" ;-). P.S. Gnucitizen.org has performed an illegal operation and will be shut down. :-D
Aodhhan
This article actually brings up a few good points, which goes beyond just ensuring your browser is patched. It only proves the point: No matter how far you go out of your way to make something idiot proof, someone will find a way to build a better idiot. Mistyping a url can be a disaster for anyone who isn't paying attention to what they are doing. Imagine having to make a payment online. You've procrastinated to the last moment. Instead of using the computer at home where you have it bookmarked, you use the computer at work. You casually type in the url and wha-la the familiar page pops up and you type in your information, enter your payment and press enter. A few seconds later you get a confirmation screen or not... it doesn't matter... you already sent your data to the wrong url which you mistyped. It was quite easy for someone at www.myban.com to copy the data from www.mybank.com to his url. He only needs to be successful once. As security professionals, we need to try to protect our users from malicious websites as well as our systems. This has a double effect though, since many of these malicious sites, will also try to send something back into our systems with the user. What can we do? Usually the best angle of defense here would be with a proxy server. Collect a list of most frequently hit web sites, then come up with some common mis-spellings for each. Simply block at the proxy server. Looks like you've already learned Google mis-spellings is a good start! One last hint: If you want to be a Spelling Nazi. Ensure your grammar is top notch. Things like... not beginning a sentence with the word, "And" or misusing a comma. Might make you look bad!
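The proxy blocklist idea from the comment above, as an added example that is not part of the original post or its comments: it derives single-slip misspellings for each frequently visited site and answers block or allow for a requested host. The site list, the slip rules and all function names are assumptions made for illustration.

```python
"""Typo blocklist for a proxy: constructed example, not code from the post."""

# Constructed sample of frequently visited sites (assumption for illustration).
POPULAR = ["google.com", "mybank.com"]


def typo_variants(domain):
    """Return single-slip misspellings of the first label of `domain`."""
    label, _, rest = domain.partition(".")
    out = set()
    for i in range(len(label)):
        out.add(label[:i] + label[i + 1:])             # dropped letter
        out.add(label[:i] + label[i] + label[i:])      # doubled letter
        if i + 1 < len(label):
            # two neighbouring letters swapped
            out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
            # a letter overwritten by its right or left neighbour
            out.add(label[:i] + label[i + 1] + label[i + 1:])
            out.add(label[:i + 1] + label[i] + label[i + 2:])
    out.discard(label)  # slips on equal letters reproduce the real name
    out.discard("")
    return {v + "." + rest for v in out}


def build_blocklist(popular):
    """Map each typo host to the site it imitates, never blocking a real one."""
    real = {d.lower() for d in popular}
    blocked = {}
    for site in sorted(real):
        for typo in typo_variants(site):
            if typo not in real:
                blocked.setdefault(typo, site)
    return blocked


def proxy_decision(host, blocked):
    """Return ('block', intended_site) or ('allow', None) for a requested host."""
    host = host.lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if host in blocked:
        return ("block", blocked[host])
    return ("allow", None)


if __name__ == "__main__":
    rules = build_blocklist(POPULAR)
    for h in ["www.goggle.com", "www.myban.com", "google.com", "goggle.nl"]:
        print(h, proxy_decision(h, rules))
```

Variants keep the listed site's TLD, so goggle.nl is only covered if google.nl is also in the list of popular sites.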
MP
Does anyone know who created this video?
pdp
Sorry MP, I cannot help you.
Logo
It shows it once again, don't go surfing with Microsoft Products!
flevour
Video is not accessible anymore? Are there any other sources to view it from?
pdp
Google removed the video a couple of times. I keep updating this page for that reason. I guess someone still has it on youtube.com. Let me know if you find it.
ohforf
Is it this one? //www.youtube.com/watch?v=MjbKmw4tK8c
pdp
cheers man, awesome...
lol
lol...glad I'm on linux
Richey
I'm afraid to use the internet explorer but I'm not afraid to use Mozilla Firefox.
Raymond trangia
Why afraid if you're not doing any exe installers it should be fine check out this http://bit.ly/god-is-real
Spamuel
I spend a lot of my time doing maintenance on computers that have complacent operators. Especially with your home computer it is wise to check for updates for all your drivers and software once a week. Daily if you really want to keep up on it. It will save you money if you don't know how to fix your computer once it's malfunctioning.
Phil
Hi the video is down can someone reupload it? Thanks.