Analysis of a host file hijack

Sunbelt BLOG: Anatomy of a malicious host file hijack

A good analysis of a current host file hijacking trojan. A couple of points I thought were really significant were the quality of the fake website and the range of hosts attacked.

It really shows significant efforts are being put into this if someone's producing that number of fake sites, and I'd imagine if the server they're currently on is taken down the setup of another will be relatively easy, making it easy to redeploy this attack.

Realistically, if a usual end-user got this, there's almost no way they could detect the forgery (although it doesn't mention whether the SSL cert. is faked well).

Also worryingly, there's a list of A-V programs at the bottom of the post, several of which don't currently detect this trojan...
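While the forged pages may be hard to spot in the browser, the hosts file itself can be audited. The following is an added example, not code from the Sunbelt analysis or from this post: it flags hosts entries that pin a name to a routable address and groups them by address, since many names pointing at one server matches the pattern described above. The sample file, hostnames and addresses are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample hosts file; 203.0.113.0/24 is a documentation range
# and the hostnames are placeholders, not indicators from the real trojan.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example     # local ad blocking
203.0.113.45    www.bank.example bank.example
203.0.113.45    login.payments.example
10.0.0.12       intranet
not-an-ip       broken.example
"""

# Address ranges that are normal in a hosts file (loopback, RFC 1918).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128")]

def audit_hosts(text):
    """Return (findings, shared).

    findings: (line_no, ip, hostname) for each name pinned to a routable IP.
    shared:   {ip: [hostnames]} for addresses serving more than one name.
    """
    findings = []
    by_ip = defaultdict(list)
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue                            # blank or comment-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address field
        if ip.is_unspecified or any(ip in net for net in LOCAL_NETS):
            continue                            # loopback, 0.0.0.0, intranet
        for name in fields[1:]:                 # one line may carry aliases
            findings.append((line_no, str(ip), name.lower()))
            by_ip[str(ip)].append(name.lower())
    shared = {ip: names for ip, names in by_ip.items() if len(names) > 1}
    return findings, shared

if __name__ == "__main__":
    findings, shared = audit_hosts(SAMPLE_HOSTS)
    for line_no, ip, name in findings:
        print(f"line {line_no}: {name} -> {ip}")
    for ip, names in shared.items():
        print(f"{ip} is the target for {len(names)} pinned names")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; every finding still needs a human decision, since some administrators pin public names deliberately.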

About this Entry

This page contains a single entry by Rory2 published on January 12, 2006 12:54 PM.
