Trend Micro's Malware Blog has information about fake Google front page as part of dirty job of new malware. More details and interesting screenshots at http://blog.trendmicro.com/fake-google-web-page-and-an-im-worm/
[Typo in title fixed as requested – Tony] |
There is one question the blog post doesn't give an answer: What the browser status bar says when you are clicking a malicious links "About Google" etc., it shows the real address, I believe, and due to Hosts.sam change these clicks go to 64.xx.xx.75home.exe (or zin.exe)
The screenshot shows the IP address in the status bar, but where is the mouse symbol in the picture?
Thanks for the typo fix |
The cursor is not shown in Screenshots. |
Yes, there is no mouse pointer, i.e. cursor. It the authors of this malware are wise (but we don't want this to happen) the browser shows real address, no IP address. |