Some visitors to the Google Italy site are getting an unwelcome surprise this week, as a look-alike site hijacks their browsers and installs malware on their machines.
Researchers at IT security vendor SurfControl plc's Global Threat Expert center reported today that they have discovered an "evil twin" Website that looks almost exactly like the Google Italy site. In an exploit known as "typosquatting," attackers have built the evil twin under a URL that is spelled slightly differently, duping users who might make an errant keystroke or click on a bad link.
When users enter, the fake site automatically attempts to install ActiveX controls on their PCs. If the installation is successful, the site drops a Trojan horse that redirects the homepage to a site filled with adult content.
In addition, the site installs a package of malware on the user's PC, including adware and a keylogger that can be used to monitor the user's keystrokes and send the information to a remote location. Some users have also experienced attempts to send spam through the infected machines, including spam with malware attached, SurfControl said.
Users can fight the fake by turning off Internet Explorer's ability to automatically install ActiveX controls, the security vendor says. If ActiveX controls are turned off, the user cannot be infected without giving the go-ahead for installation.
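On the network side, a defender can flag the "spelled slightly differently" hostnames that typosquatting relies on by comparing visited hosts against the names the organization actually uses. The sketch below is an added example, not code from SurfControl or the original article; the protected name, the log entries and the function names are all constructed for illustration.

```python
from urllib.parse import urlsplit

PROTECTED = ["searchportal.example"]  # constructed; ".example" is a reserved TLD

SAMPLE_LOG = [  # constructed proxy-log URLs
    "http://www.searchportal.example/",        # the real site
    "http://serachportal.example/index.html",  # two letters swapped
    "http://searchportaal.example/",           # doubled letter
    "http://www.searchporta.example/?q=news",  # dropped letter
    "http://mail.searchportal.example/",       # legitimate subdomain
    "http://weather.example/",                 # unrelated site
]

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def find_lookalikes(urls, protected=PROTECTED, max_distance=2):
    """Map each near-miss hostname to (protected name, distance)."""
    hits = {}
    for url in urls:
        host = urlsplit(url if "//" in url else "//" + url).hostname
        if not host:
            continue
        host = host.rstrip(".")
        if host.startswith("www."):
            host = host[4:]
        for good in protected:
            d = osa_distance(host, good)
            if 0 < d <= max_distance:  # 0 is the real site; small d is a likely typo
                hits[host] = (good, d)
    return hits

if __name__ == "__main__":
    for host, (good, d) in find_lookalikes(SAMPLE_LOG).items():
        print(f"{host}: {d} edit(s) from {good}")
```

A distance check of this kind only catches keystroke-level variants; lookalikes registered under a different top-level domain or built from visually similar characters need separate rules.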
Tim Wilson, Site Editor, Dark Reading