Phishers Plant Fake Google Toolbar - InformationWeek
01:54 PM

Phishers Plant Fake Google Toolbar

Phishers are spreading links to the phony toolbar using IM and IRC chat.

Phishers are playing off Google's brand name, a security researcher said Wednesday, by flooding IM and IRC with messages that lead to a download of a bogus Google toolbar whose sole purpose is to steal credit card information.

Facetime's senior researcher Chris Boyd warned that two URL links are in circulation over instant messaging (IM) and Internet relay chat (IRC) channels; both links lead the nave to a page which, among other actions, installs and launches a phony Google toolbar, hijacks the Windows HOSTS file, and adds the anti-spyware program known as "World Antispy." The toolbar, in connection with the rewritten HOSTS file, redirects most Google addresses and pops up a window asking for credit card information.

IMlogic, another IM security vendor, said in its alert that the IM side of the attack was limited to Yahoo Messenger users, and the hack was using some of the same vulnerabilities in Microsoft's Internet Explorer as the infamous CoolWebSearch, the broad name given to a line of sneaky software that has in the past been dubbed "the Ebola of adware." This is the first known instance of a CoolWebSearch-style attack being propagated over an IM network.

Boyd said that Facetime has spotted three variations of the attack, each one exploiting a different vulnerability and installing a slightly different payload.

"Hackers are clearly using new vectors such as IM to take advantage of reputable, trusted brands such as Google," said Boyd in a statement. "Our research finds that this phishing scam is financially motivated by a third party using incredibly elaborate bundles that deliver a rogue Google toolbar with many of the same elements as the real Google toolbar."

The phishing attack is just the latest threat coming in over IM networks. According to IMlogic, the number of IM assaults has jumped by 14 times since the first of the year. In the third quarter alone, IMlogic tracked 10 times the number of IM threats than in all of 2004.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll