A security vendor is warning Web surfers to beware of a
malicious Web site that poses as a legitimate Google page.
According to Scotts Valley, Calif.-based endpoint security
provider SurfControl, the malicious site spoofs Google's Italian
Web site and uses typo squatting, a technique that "mimics a
legitimate looking domain and delivers a fraudulent Google page
that looks identical to the original."
The fraudulent site attempts to install ActiveX controls on a
user's machine. "This will occur automatically if Internet Explorer
security settings allow installation of ActiveX controls,"
SurfControl said in a statement. "Otherwise, the end user will have
to accept the installation for the infection to occur. If the
ActiveX control is accepted, a number of Trojans are installed,
redirecting the homepage to a Web site featuring adult
content."
In addition to browser hijacking, SurfControl said the Web site
installs a keylogging Trojan that monitors keystrokes and sends
information to a remote location. The vendor said it has witnessed
incidents where infected machines tried to send out malicious spam
emails.
