Trojan-downloading fake Google site discovered
SurfControl Threat ExpertsÃ‚Â are investigatingÃ‚Â aÃ‚Â malicious websiteÃ‚Â posing asÃ‚Â theÃ‚Â ItalianÃ‚Â Google site. Currently this spoofedÃ‚Â site is hostedon the top-level domain for Belize.Ã‚Â
ThisÃ‚Â website is using a typosquatting technique to mimic a legitimate looking domain and serves a Google page lookingÃ‚Â identical to the original.Ã‚Â Ã‚Â Upon visiting the site theÃ‚Â impostorÃ‚Â will attempt to install ActiveX controls, but can only do so automatically if Internet Explorer security settings allow automatic installation of ActiveX controls, otherwise theÃ‚Â end user will have to accept the installation for the infection to occur.
IfÃ‚Â the ActiveX install is accepted,Ã‚Â a number ofÃ‚Â TrojansÃ‚Â areÃ‚Â installed and the user’s homepageÃ‚Â is changedÃ‚Â to a website featuring Adult content.Ã‚Â Ã‚Â SurfControl’s analysis of this threat continues and ATI may update this alert later in today.
– Capitalises on a commonÃ‚Â typing error in the Google name
– Site is crafted to look like a legitimate Google site with a legitimate Google URL.
– Use ofÃ‚Â ActiveX controls to install a package ofÃ‚Â malware with keylogging and adware capabilities: Agent.zs.Trojan, Agent.lk.Trojan, Small.hj.Trojan, Agent.wd.TrojanÃ‚Â Ã‚