Hackers create a lookalike Google Italy site and lure users to download malicious apps

Tim Wilson, Editor in Chief, Dark Reading, Contributor

October 12, 2006

1 Min Read

Some visitors to the Google Italy site are getting an unwelcome surprise this week, as a look-alike site hijacks their browsers and installs malware on their machines.

Researchers at IT security vendor SurfControl plc 's Global Threat Expert center reported today that they have discovered an "evil twin" Website that looks almost exactly like the Google Italy site. In an exploit known as "typosquatting," attackers have built the evil twin under a URL that is spelled slightly differently, duping users who might make an errant keystroke or click on a bad link.

When users enter, the fake site automatically attempts to install ActiveX controls on their PCs. If the installation is successful, the site drops a Trojan horse that redirects the homepage to a site filled with adult content.

In addition, the site installs a package of malware on the user's PC, including adware and a keylogger that can be used to monitor the user's keystrokes and send the information to a remote location. Some users have also experienced attempts to send spam through the infected machines, including spam with malware attached, SurfControl said.

Users can fight the fake by turning off Internet Explorer's ability to automatically install ActiveX controls, the security vendor says. If ActiveX controls are turned off, the user cannot be infected without giving the go-ahead for installation.

— Tim Wilson, Site Editor, Dark Reading

About the Author(s)

Tim Wilson, Editor in Chief, Dark Reading

Contributor

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights