If You’re Seeing Gooogle, You’re Infected

Google has long been the target to many attacks and on the odd occasion it redirects to infected pages. This was the case noticed last week, of many Google Groups links that supposedly had pictures or movies of stars performing various actions (more into the pr0n area, none were giving money away to charity). That was pretty well put together, it sent
users to a page that had a YouTube lookalike player image that said it was loading and, if memory serves me right, below was a link to "Watch full video here." Needless to say, clicking that was the beginning of a strong symbiosis between the computer accessing it and a flock of viruses.

This week, there’s a "Gooogle.com" virus, that mimics the real search engine’s page, except for one additional ‘o’ in the logo. At the moment, it has only been reported in Italy and it has embedded some malicious code that automatically loads the file registrazione.exe. You really don’t want to see that on your computer, it contains the file TROJ_AGENT.AAFY and the URL it hosts is detected as HTML_AGENT.AAFX, according to Trend Micro.

That's an option...

After the two files finish their job, users will be redirected to a horoscope website while downloading additional malware such as TROJ_AGENT.ZTH just to keep the previous two company if you’re lucky, but if you caught this, I guess the stars weren’t shining for you. After all is installed and downloaded, there will be an error message that the desired web page cannot be loaded. Upon opening a new page, users will be redirected to another site that claims to be the default Google homepage, www.googler.com. Congratulations, you passed the virus’ test, you’re the lucky owner of some serious malware on your computer.

On a side note, if a non-infected user tries to access any of these sites, he will be redirected to the official Google page, due to The Anticybersquatting Consumer Protection Act which says that typosquatting is clearly illegal.

[Source: softpedia]