Phishers Plant Fake Google Toolbar

[_FRG_]

Be aware! Phishers Plant Fake Google Toolbar

From Security Pipeline magazine:

By  Gregg Keizer     Courtesy of  TechWeb News

Phishers are playing off Google's brand name, a security researcher said Wednesday, by flooding IM and IRC with messages that lead to a download of a bogus Google toolbar whose sole purpose is to steal credit card information.

Facetime's senior researcher Chris Boyd warned that two URL links are in circulation over instant messaging (IM) and Internet relay chat (IRC) channels; both links lead the naive to a page which, among other actions, installs and launches a phony Google toolbar, hijacks the Windows HOSTS file, and adds the anti-spyware program known as "World Antispy." The toolbar, in connection with the rewritten HOSTS file, redirects most Google addresses and pops up a window asking for credit card information.

IMlogic, another IM security vendor, said in its alert that the IM side of the attack was limited to Yahoo Messenger users, and the hack was using some of the same vulnerabilities in Microsoft's Internet Explorer as the infamous CoolWebSearch, the broad name given to a line of sneaky software that has in the past been dubbed "the Ebola of adware." This is the first known instance of a CoolWebSearch-style attack being propagated over an IM network.

Boyd said that Facetime has spotted three variations of the attack, each one exploiting a different vulnerability and installing a slightly different payload.

"Hackers are clearly using new vectors such as IM to take advantage of reputable, trusted brands such as Google," said Boyd in a statement. "Our research finds that this phishing scam is financially motivated by a third party using incredibly elaborate bundles that deliver a rogue Google toolbar with many of the same elements as the real Google toolbar."

The phishing attack is just the latest threat coming in over IM networks. According to IMlogic, the number of IM assaults has jumped by 14 times since the first of the year. In the third quarter alone, IMlogic tracked 10 times the number of IM threats than in all of 2004.

Direct link