Security experts at F-Secure have discovered that users who type one extra letter in Google's name are redirected to a site that infects their PC with trojans, backdoors, and other spyware and adware.
When the browser opens googkle.com, the page displays two pop-up windows, which are actually redirects to other addresses containing scripts.
The ntsearch.com pop-up downloads the file pop.chm, and the one from toolbarpartner.com infects the user with ddfs.chm.
This malware includes two backdoors, a spyware program and a Trojan downloader.
According to F-Secure's security alert, the attack also includes a Trojan dropper that is copied into the Windows System folder and blocks access to antivirus sites. Another executable copies a DLL file that triggers a false antivirus alarm, leading the user to another site where he supposedly updates his computer but in fact only downloads more malicious code.
F-Secure analyzed googkle.com and found that it is registered by some Russians and that part of the code contains text in Russian.
The exploits take advantage of security vulnerabilities already known to hackers; users with up-to-date Windows operating systems are safe.
At the moment, www.googkle.com is blocked.
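
As an added example (not from F-Secure's alert or the original article), the sketch below shows how a defender could flag this pattern in web proxy logs: requests to a domain one edit away from a protected name such as google.com, and .chm files fetched over HTTP. The log format, the PROTECTED list, the client addresses, timestamps and URL paths are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: domains the organisation wants to protect (hypothetical list).
PROTECTED = ["google.com"]

# Constructed proxy log lines: timestamp, client address, requested URL.
SAMPLE_LOG = """\
2000-01-01T09:14:02 10.0.0.5 http://www.google.com/search?q=weather
2000-01-01T09:14:40 10.0.0.7 http://www.googkle.com/
2000-01-01T09:14:41 10.0.0.7 http://ntsearch.com/pop.chm
2000-01-01T09:14:41 10.0.0.7 http://toolbarpartner.com/ddfs.chm
2000-01-01T09:15:10 10.0.0.9 http://gogole.com/
"""

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def registrable(host):
    # Simplification: keep the last two labels; production code would
    # consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(url):
    parts = urlsplit(url)
    host = registrable(parts.hostname or "")
    # Distance 0 is the real site; distance 1 is a one-keystroke lookalike.
    findings = [f"typosquat:{b}" for b in PROTECTED if osa_distance(host, b) == 1]
    if parts.path.lower().endswith(".chm"):
        findings.append("chm-download")  # compiled HTML Help fetched from the web
    return findings

def scan(log_text):
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 3 and classify(fields[2]):
            hits.append((fields[1], fields[2], classify(fields[2])))
    return hits

if __name__ == "__main__":
    for client, url, findings in scan(SAMPLE_LOG):
        print(client, url, ",".join(findings))
```

Matching on the whole registrable domain with a distance of exactly 1 keeps the legitimate site out of the results while catching both an inserted letter (googkle) and swapped letters (gogole).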