Trojan that attacks Russian Internet users using a new trick to spread itself. Known as “Bicololo” was first discovered in October 2012 and specially designed to steal login credentials from users. Malware modified system Hosts file (i.e etc/hosts) to host perfect phishing sites via DNS poisoning to collect social networking and email credentials. Because it is difficult for a user to determine that he is redirected to a phishing site the attack going smoothly. The most frequent phishing clones of vk.com, odnoklassniki.ru and mail.ru like popular sites noticed in wind.ru.
Source: https://thehackernews.com/2013/02/bicololo-malware-spreading-via-404.html