No news in having another trojan doing typical host redirects, but in this case, we found the use of Google’s name to be mildly interesting: A new variant of Trojan.Delf from the Loadscc gang changes your host file to redirect to a fake Google page. The fake Google page pushes a SpywareIsolator, a rogue antispyware program.
O1 – Hosts: 124(dot)217(dot)251(dot)147 google.dk
O1 – Hosts: 124(dot)217(dot)251(dot)147 google.se
O1 – Hosts: 124(dot)217(dot)251(dot)147 google.co.nzand so on…
Resulting infection if one follows the suggestion above:
Alex Eckelberry
(Thanks Patrick Jordan)