Phishers Plant Fake Google Toolbar - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

01:54 PM

Phishers Plant Fake Google Toolbar

Phishers are spreading links to the phony toolbar using IM and IRC chat.

Phishers are playing off Google's brand name, a security researcher said Wednesday, by flooding IM and IRC with messages that lead to a download of a bogus Google toolbar whose sole purpose is to steal credit card information.

Facetime's senior researcher Chris Boyd warned that two URL links are in circulation over instant messaging (IM) and Internet relay chat (IRC) channels; both links lead the nave to a page which, among other actions, installs and launches a phony Google toolbar, hijacks the Windows HOSTS file, and adds the anti-spyware program known as "World Antispy." The toolbar, in connection with the rewritten HOSTS file, redirects most Google addresses and pops up a window asking for credit card information.

IMlogic, another IM security vendor, said in its alert that the IM side of the attack was limited to Yahoo Messenger users, and the hack was using some of the same vulnerabilities in Microsoft's Internet Explorer as the infamous CoolWebSearch, the broad name given to a line of sneaky software that has in the past been dubbed "the Ebola of adware." This is the first known instance of a CoolWebSearch-style attack being propagated over an IM network.

Boyd said that Facetime has spotted three variations of the attack, each one exploiting a different vulnerability and installing a slightly different payload.

"Hackers are clearly using new vectors such as IM to take advantage of reputable, trusted brands such as Google," said Boyd in a statement. "Our research finds that this phishing scam is financially motivated by a third party using incredibly elaborate bundles that deliver a rogue Google toolbar with many of the same elements as the real Google toolbar."

The phishing attack is just the latest threat coming in over IM networks. According to IMlogic, the number of IM assaults has jumped by 14 times since the first of the year. In the third quarter alone, IMlogic tracked 10 times the number of IM threats than in all of 2004.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2019 State of DevOps
2019 State of DevOps
DevOps is needed in today's business environment, where improved application security is essential and users demand more applications, services, and features fast. We sought to see where DevOps adoption and deployment stand, this report summarizes our survey findings. Find out what the survey revealed today.
Will AI and Machine Learning Break Cloud Architectures?
Lisa Morgan, Freelance Writer,  6/10/2019
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
Humans' Fascination with Artificial General Intelligence
Guest Commentary, Guest Commentary,  6/6/2019
Register for InformationWeek Newsletters
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll