Seen in the wild: New scam pretends to be Google


No news in having another trojan doing typical host redirects, but in this case, we found the use of Google’s name to be mildly interesting: A new variant of Trojan.Delf from the Loadscc gang changes your host file to redirect to a fake Google page. The fake Google page pushes a SpywareIsolator, a rogue antispyware program.

O1 - Hosts: 124(dot)217(dot)251(dot)147 google.dkO1 - Hosts: 124(dot)217(dot)251(dot)147 google.seO1 - Hosts: 124(dot)217(dot)251(dot)147


Resulting infection if one follows the suggestion above:


Alex Eckelberry
(Thanks Patrick Jordan)

posted by Sunbelt Software Blog at 6:29 PM | Permalink Comment (1) | Trackback (0)
Digg This | Slashdot This | Add to