Seen in the wild: New scam pretends to be Google


There is nothing new about another trojan doing typical hosts-file redirects, but in this case we found the use of Google's name mildly interesting: a new variant of Trojan.Delf from the Loadscc gang changes your hosts file to redirect to a fake Google page. The fake Google page pushes SpywareIsolator, a rogue antispyware program.

O1 - Hosts: 124(dot)217(dot)251(dot)147 google.dk
O1 - Hosts: 124(dot)217(dot)251(dot)147 google.se
O1 - Hosts: 124(dot)217(dot)251(dot)147 google.co.nz
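A defensive check for the redirect described above, as an added example that is not part of the original post: it reads hosts-file lines or HijackThis O1 entries and reports any Google hostname mapped to a non-loopback address. The function names, the hostname pattern and the sample lines marked as constructed are assumptions of this example.

```python
import ipaddress
import re

# HijackThis prefixes each hosts-file entry with "O1 - Hosts:".
O1_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*", re.IGNORECASE)
# Assumed pattern: google.com, google.<cc>, google.co.<cc>, google.com.<cc>,
# with or without a subdomain such as www.
GOOGLE_HOST = re.compile(
    r"(?:^|\.)google\.(?:com|[a-z]{2}|com?\.[a-z]{2})$", re.IGNORECASE)


def parse_entry(line):
    """Return (ip, address_as_written, hostnames) or None for non-entries."""
    body = O1_PREFIX.sub("", line.split("#", 1)[0].strip())
    fields = body.split()
    if len(fields) < 2:
        return None
    try:
        # Accept the post's "(dot)" notation as well as a plain address.
        ip = ipaddress.ip_address(fields[0].replace("(dot)", "."))
    except ValueError:
        return None
    return ip, fields[0], fields[1:]


def suspicious_redirects(lines):
    """List (hostname, address) pairs that send a Google name elsewhere."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        ip, written, hosts = entry
        if ip.is_loopback or ip.is_unspecified:
            continue  # a block/sinkhole entry, not a redirect
        findings += [(h.lower(), written) for h in hosts if GOOGLE_HOST.search(h)]
    return findings


SAMPLE = [
    "O1 - Hosts: 124(dot)217(dot)251(dot)147 google.dk",     # from the post
    "O1 - Hosts: 124(dot)217(dot)251(dot)147 google.se",     # from the post
    "O1 - Hosts: 124(dot)217(dot)251(dot)147 google.co.nz",  # from the post
    "127.0.0.1 localhost",                   # constructed
    "# 192.0.2.7 google.com (commented)",    # constructed
    "192.0.2.10 intranet.example.test",      # constructed
]

if __name__ == "__main__":
    for host, addr in suspicious_redirects(SAMPLE):
        print(f"hosts entry redirects {host} to {addr}")
```
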

[Image: Gooelscannerscam3212008B]

Resulting infection if one follows the suggestion above:

[Image: Spywareisolator]

Alex Eckelberry
(Thanks Patrick Jordan)

posted by Sunbelt Software Blog at 6:29 PM