Friday, April 16, 2010

When Google isn't helping, just make your own...

Google vs. Googpillc
During our research of infected websites we ran into this interesting find. We found a website that looks nearly identical to Google, but it isn't Google.

This is an interesting twist to the typical approach of simply redirecting the user directly to questionable pharmacies. With the faux-Google approach the attackers are trying to regain the victim's trust by presenting them with a Google-like appearance and even offering them a list of (fraudulent) pharmacies to visit.

The faux-Google is complete with advertisements on the right side of the screen. Just think, the miscreants might be selling advertising positions to their cohorts. Underground-AdWords.

Website Access
If you simply go to the googpillc.com website you will only see an 'under construction' warning and nothing will appear abnormal.

However, if you are brought to the website from another infected website then the faux-Google facade will appear.

Outbound Links
The number of websites that are presented to the visitor appear to be limited, they are reused in several times in the search results. The search results vary but the outbound links are limited.

Browsing Caution
As if there isn't enough reason for caution while browsing the Internet, this is just one more reason. Always be sure to keep an eye on the URL you are currently visiting, it might have jumped to another website without you knowing it.

No comments:

Post a Comment