Trojan-downloading fake Google site discovered

SurfControl Threat Experts are investigating a malicious website posing as the Italian Google site. Currently this spoofed site is hosted on the top-level domain for Belize.
 
This website uses a typosquatting technique to mimic a legitimate-looking domain and serves a page that looks identical to the original Google page. When a user visits the site, the impostor attempts to install ActiveX controls. It can do so automatically only if Internet Explorer security settings allow automatic installation of ActiveX controls; otherwise the end user has to accept the installation for the infection to occur.
 
If the ActiveX install is accepted, a number of Trojans are installed and the user’s homepage is changed to a website featuring adult content. SurfControl’s analysis of this threat continues and ATI may update this alert later today.
 
Techniques:
 
– Capitalises on a common typing error in the Google name
– Site is crafted to look like a legitimate Google site with a legitimate Google URL.
– Use of ActiveX controls to install a package of malware with keylogging and adware capabilities: Agent.zs.Trojan, Agent.lk.Trojan, Small.hj.Trojan, Agent.wd.Trojan
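
A defender-side check for the first technique, added here as an example and not part of the original alert: it flags hostnames in proxy or DNS logs whose name is one typing slip away from a protected brand, or that use the exact brand name under a top-level domain that is not on an allowlist. The brand set, the allowlist, the function names and the sample hostnames are assumptions constructed for illustration.

```python
# Added example: flag hostnames whose registrable label is a near-miss of a brand.
BRANDS = {"google"}                    # labels to protect (assumption)
ALLOWED = {"google.com", "google.it"}  # known-good registrable domains (assumption)

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def registrable(host):
    """Naive last-two-labels split; production code should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    return ".".join(labels[-2:]), label

def classify(host, max_dist=1):
    domain, label = registrable(host)
    if domain in ALLOWED:
        return "allowed"
    for brand in BRANDS:
        dist = osa_distance(label, brand)
        if dist == 0:
            return "brand-on-unlisted-tld"   # exact brand name, unexpected TLD
        if dist <= max_dist:
            return "typosquat-suspect"       # one typing slip away from the brand
    return "unrelated"

# Constructed proxy-log hostnames on reserved TLDs; not taken from the alert.
SAMPLE_HOSTS = ["www.google.it", "gogle.example", "googel.example",
                "www.gooogle.test", "google.example", "goggles.example"]

def flagged(hosts):
    """Return {host: verdict} for every host that needs analyst review."""
    verdicts = {h: classify(h) for h in hosts}
    return {h: v for h, v in verdicts.items() if v not in ("allowed", "unrelated")}

if __name__ == "__main__":
    for host, verdict in flagged(SAMPLE_HOSTS).items():
        print(f"{verdict:22} {host}")
```

A threshold of one edit keeps ordinary words such as "goggles" out of the results; raising `max_dist` widens coverage at the cost of more false positives.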