This viral video, which has lately been doing the rounds on Youtube, is a classic “doomsday” video of how your computer will die if you visit a certain web site - in this case, goggle.com, a mis-spelling of google.com.
Now, I decided to see if “goggle.com” really existed, because I doubt the consequences would be too diabolical. This would be because
- I’m using Firefox
- I’ve got Javascript switched off by default, which is normally how these attacks are sprung.
At first sight, the web site should start to ring alarm bells as not being Google’s home page.
Other important points to note:
- McAfee SiteAdvisor lists the site as red, meaning “use extreme caution”.
- NoScript has blocked some kind of script. These days it’s not that unusual as practically every web page triggers some javascript, but combined with the fact it’s not Google and that SA has listed the site as red, it is suspicious.
- There is an asterisk after the words “free” and “click here to claim” - but no matching footnote.
The space in the top-right hand corner was obviously meant to be occupied by a countdown timer, and a quick inspection of the javascript reveals:
<SCRIPT LANGUAGE="JavaScript" SRC="http://www.fluxads.com/goggle/slider.js"></SCRIPT> <script> var popunder="http://ads.trekdata.com/flux/insane0220.html" var winfeatures="width=800,height=1000,scrollbars=1,resizable=1,toolbar=1,location=1,menubar=1,status=1,directories=0" var once_per_session=1 function get_cookie(Name) { var search = Name + "=" var returnvalue = ""; if (document.cookie.length > 0) { offset = document.cookie.indexOf(search) if (offset != -1) { // if cookie exists offset += search.length // set index of beginning of value end = document.cookie.indexOf(";", offset); // set index of end of cookie value if (end == -1) end = document.cookie.length; returnvalue=unescape(document.cookie.substring(offset, end)) } } return returnvalue; } function loadornot(){ if (get_cookie('popunder')==''){ loadpopunder() document.cookie="popunder=yes" } } function loadpopunder(){ win2=window.open(popunder,"",winfeatures) win2.blur() window.focus() } if (once_per_session==1) loadpopunder() else loadornot() </script> <script type="text/javascript"> var _countDowncontainer=0; var _currentSeconds=0; function ActivateCountDown(strContainerID, initialValue) { _countDowncontainer = document.getElementById(strContainerID); if (!_countDowncontainer) { alert("count down error: container does not exist: "+strContainerID+ "nmake sure html element with this ID exists"); return; } SetCountdownText(initialValue); window.setTimeout("CountDownTick()", 1000); } function CountDownTick() { if (_currentSeconds <= 0) { window.location = "index.html"; return; } SetCountdownText(_currentSeconds-1); window.setTimeout("CountDownTick()", 1000); } function SetCountdownText(seconds) { //store: _currentSeconds = seconds; //get minutes: var minutes=parseInt(seconds/60); //shrink: seconds = (seconds%60); //get hours: var hours=parseInt(minutes/60); //shrink: minutes = (minutes%60); //build text: //var strText = AddZero(hours) + ":" + AddZero(minutes) + ":" + AddZero(seconds); var strText = AddZero(minutes) + ":" + AddZero(seconds); //apply: _countDowncontainer.innerHTML = strText; } function AddZero(num) { return ((num >= 0)&&(num < 10))?"0"+num:num+""; } </script> <script type="text/javascript"> window.onload=WindowLoad; function WindowLoad(event) { ActivateCountDown("CountDownPanel", 300); } </script>
The bit I’m concentrating on is highlighted in bold, because that is the part that triggers a series of popup and pop-under windows after the countdown clock expires. These popups then have the ability (assuming Javascript or ActiveX in IE is on) to install festoons of spyware, adware, fake spyware removal tools, adverts, etc. So if you were a novice and had to stop for five minutes to phone your techy son/local computer geek, the machine would get you anyway.
Let’s now assume that our victim is so gullible that he/she follows one of the links in the hope of getting a free laptop/etc. As soon as he enters his Email address and personal details, they’re immediately open to spammers. So if you don’t want to sacrifice your inbox for life (remember spam filters are computers, therefore as stupid as their programmers and not as effective as they would have you think) don’t sign up for one of these “freebie” sites.
