Malware That Pretends To Be Google

Malware authors (AKA the criminals or the bad guys) use many advanced techniques to hide their activities: encoding, encryption, auto-generated random domains, conditional redirections and many other interesting methods.

Alongside all those advanced options, they also use simple techniques to confuse the end user into thinking that a malicious domain belongs to a legitimate organization. As of late, the organization usually chosen seems to be Google.

What do you think a user will think when they see the following code on their site:

<iframe src=""…

Yes, they will think it is the Google AdSense code and not worry too much about it. However, that domain is not from Google. It was registered just a few months ago:

Registrar: BIZCN.COM, INC.
Whois Server:
Referral URL:
Updated Date: 12-mar-2012
Creation Date: 21-feb-2012

Registrant Contact:
Elisabeth Defeo
609981987 fax: 609981987
Camino Real, 40
Bedia Bedia 48390

It is being used to distribute malware. Same applies to, a domain registered 2 months ago and also being used to distribute malware (currently redirecting users to And according to Google, it has infected around 1500 different sites:

Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 1415 domain(s), including,,

Those are just a couple of examples. We often see domains pretending to be affiliated with Google, Opera, MSN and others:

So, next time you see a site like loading in your browser, make sure it is really a valid domain. If in doubt, scan it on SiteCheck or run a whois on the domain to see who registered it.
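The check described above can be automated. The following is an added example, not code from the original post: it lists iframe and script hosts that carry the Google name without sitting under a Google-operated domain, and reads the age of a domain from a whois record in the format quoted earlier. The allowlist is a short, incomplete assumption, the function names are hypothetical, and the `.example` hosts and sample page are constructed.

```python
import re
from datetime import date, datetime
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a short, incomplete allowlist of domains Google operates.
BRANDS = {"google": ("google.com", "googlesyndication.com", "googleapis.com",
                     "gstatic.com", "google-analytics.com", "doubleclick.net")}
DIGIT_SWAPS = str.maketrans("013", "ole")  # g00gle -> google, goog1e -> google

class SrcCollector(HTMLParser):
    """Collect the host of every absolute src on iframe and script tags."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag in ("iframe", "script"):
            host = urlparse(dict(attrs).get("src") or "").hostname
            if host:  # relative URLs have no host and stay on the site itself
                self.hosts.append(host.rstrip("."))

def lookalike_hosts(html):
    """Hosts that carry a brand name but are not under that brand's domains."""
    collector = SrcCollector()
    collector.feed(html)
    return [h for h in collector.hosts for brand, owned in BRANDS.items()
            if brand in h.translate(DIGIT_SWAPS)  # undo simple digit swaps
            and not any(h == d or h.endswith("." + d) for d in owned)]

def domain_age_days(whois_text, today):
    """Days since a 'Creation Date: 21-feb-2012' style whois line, or None."""
    m = re.search(r"Creation Date:\s*(\d{1,2}-[a-z]{3}-\d{4})", whois_text, re.I)
    if not m:
        return None
    return (today - datetime.strptime(m.group(1), "%d-%b-%Y").date()).days

# Constructed sample page: one real AdSense include and two invented lookalikes.
SAMPLE_HTML = """
<script src="https://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
<iframe src="http://google-adsense-stats.example/in.php" width="1"></iframe>
<script src="//g00gle-cdn.example/a.js"></script>
<script src="/js/site.js"></script>
"""

if __name__ == "__main__":
    print(lookalike_hosts(SAMPLE_HTML))
    print(domain_age_days("Creation Date: 21-feb-2012", date(2012, 5, 1)))
```

A flagged host that was also registered only weeks or months ago, like the one in the whois record above, deserves a closer look before the include is trusted.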
