A new trick for Internet thieves to pry through one’s personal effects on a computer has appeared. It would seem a mimicked version of the Google Toolbar is floating around with loads of gimmicks to rob the user blind.
FaceTime Communications, a provider of security for greynet apps, said the toolbar was being distributed through IM and IRC. The fake toolbar gets installed along with adware that redirects users to a site that collects credit card numbers.
“Hackers are clearly using new vectors such as IM to take advantage of reputable, trusted brands such as Google,” said Chris Boyd, Senior Researcher at FaceTime Security Labs.
“Our research finds that this phishing scam is financially motivated by a third party using incredibly elaborate bundles that deliver a rogue Google toolbar with many of the same elements as the real Google toolbar.”
FaceTime warned of two URL links involved with a browser hijacker currently in circulation. These links lead users to a Web page, which begins the install and calls a Windows Help File. Once this happens, the full install is launched and the HOSTS file hijack is inserted; the fake Google toolbar appears upon reboot, and the anti-spyware program known as “World Antispy” launches. The fake toolbar performs a browser redirect on most Google domains. Users may also experience a pop-up window, which asks for credit card information. Through systematic research, FaceTime Security Labs have found that there are three distinct versions of this attack, each one exploiting different security vulnerabilities and installing a different payload using different vectors, including IM and IRC.
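A defender can check for the HOSTS file hijack described above by auditing the file for Google hostnames pinned to an address. The following is an added example, not code from FaceTime or the original article; the domain pattern, the `audit_hosts` name and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: "most Google domains" is approximated by google.<tld>,
# google.co.<cc> and google.com.<cc>, with any subdomain in front.
GOOGLE_HOST = re.compile(r"(^|\.)google\.(com|[a-z]{2}|com?\.[a-z]{2})$")

def audit_hosts(text):
    """Return (line_no, ip, hostname, verdict) for each Google hostname pinned in a hosts file."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on any whitespace
        if len(entry) < 2:
            continue                            # blank, comment-only or incomplete line
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                            # first field is not an address: skip line
        for name in entry[1:]:                  # one line may carry several hostnames
            host = name.lower().rstrip(".")
            if not GOOGLE_HOST.search(host):
                continue
            # Loopback/unspecified addresses block the name; anything else redirects it.
            verdict = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
            findings.append((line_no, str(ip), host, verdict))
    return findings

# Constructed sample; 203.0.113.0/24 is a documentation range (RFC 5737).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
203.0.113.25    www.google.com google.com   # constructed hijack entry
203.0.113.25    WWW.GOOGLE.CO.UK
0.0.0.0         ads.example.net
127.0.0.1       toolbar.google.com
10.0.0.5        intranet.example.org
not-an-ip       google.de
"""

if __name__ == "__main__":
    for line_no, ip, host, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip} ({verdict})")
```

On Windows the file to audit is `%SystemRoot%\System32\drivers\etc\hosts`; any "redirected" finding for a Google hostname warrants investigation, since a clean system normally resolves those names through DNS.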
This is no surprise really. As more and more tools become available for Google, Yahoo and others, it stands to reason that occasionally, someone would develop something to take advantage of those tools and try to make some money.
John Stith is a staff writer for Murdok covering technology and business.