Thursday, October 06, 2005

Fake Google Toolbars Go Phishing

An Internet security specialist says a new threat forces computers to install faked Google software, which then goes phishing.

Partner Resource Center Phishing is where e-mails, IM (instant messages) or Web sites parody a legitimate company, and try to get users to provide personal information or financial account numbers and passwords.

The latest cases involve bogus Google software spread via IM, and appear to be a variety of the infamous CoolWebSearch phishing scheme, according to Foster City-Calif.-based FaceTime Security Labs. CoolWebSearch has never been spread via IM before.

In the recent cases, IM users unwittingly download a rogue tool bar, which is installed on a Web browser and provides easier access to an Internet search provider.

Tool bars also contain measures to block pop-up advertisements.

Read more here about new developments in tool bars.

The only working feature on the fake Google Toolbar saves credit card details, according to Christopher Boyd, the security research manager of Foster City, Calif.-based FaceTime Security Labs. A bevy of others, including one to "enable pornographic ads," do not work.

IM is increasingly a target of phishers, as the latest attacks show.

Some IM-related attempts date back to 2003.

Most recently, in early March, Yahoo Inc. confirmed that some of its Yahoo Messenger customers received a message that appears to be coming from a buddy-list contact.

Users can be lulled into directing a Web browser to a Yahoo Web page requesting log-in information for Yahoo accounts, according to an analysis by Akonix Systems Inc.

The cases in point appear similar to a rather infamous method of hijacking Web browsers known as CoolWebSearch, Boyd adds.

Instant messaging is increasingly a target of phishers, as the latest attacks show.

Some IM-related attempts date back to 2003. Most recently, in early March, Yahoo Inc. confirmed, came under attack through Yahoo Messenger, its IM service.

In the attack, users receive an IM message that often appears to be coming from a buddy-list contact.

The IM attempts to lull users into clicking on a URL, which then takes them to a spoofed Yahoo page requesting login information for their Yahoo accounts, according to an analysis by Akonix Systems Inc.

More:

http://www.eweek.com/article2/0,1895,1867739,00.asp