Search and Suffer: Imitation Google Page Threatens with Trojan

Dennis Faas's picture

It appears as though a rather clever imitation of Google's toolbar download is infecting thousands of innocent users with a Trojan horse.

Looking almost exactly like the original Google downloads page, those who request files from the imitation site are finding their systems loaded with W32.Ranky.FW. The Trojan turns any unlucky PC into a raving automaton, spreading itself by simply requesting recipients of spam emails to follow a suggested link.

The problem was first discovered by online rent-a-cops at Surfcontrol, who have since declared that the Trojan horse program is far from perfect in its mischievous construction. As a result of poor programming, it typically fails to spread, but does act as a potential omen for larger infestations of the same kind. Most frightening is the use of an established name and appropriate and convincing representation -- all factors that could easily rope in unsuspecting victims in the future. (Source:

Thus, the new malware and virus threat may come from imitation strategies.

What's next?

Clearly, any replication of popular downloads, from Microsoft's WGA or security updates, are susceptible to such manipulation.

Google faced similar problems with its brand power a year ago when hackers attacked anyone who misspelled when entering the simple address. Malware goons set up malicious websites for any domain near the name Google, launching users with poor grammar into a pop-up nightmare with each linking to malicious script. (Source:

For a long time, those wise to the malware and virus strategies have been able to pick off an imitation from a server away. Today, it appears such a simple defense might be inadequate, stepping up the fight between average web users and those who serve to annoy.

| Tags:
Rate this article: 
No votes yet