July 21, 2006 www.TechWorld.com
Scammers have set up an exact copy of the download page for Google’s Toolbar plug-in in an attempt to lure users to download a Trojan backdoor.
Reported by security outfit Surfcontrol, some versions of the scam even spoof the correct Google Toolbar Web address for Internet Explorer, using Google’s own redirection service in an attempt to hide the real, non-Google address.
The Trojan itself -- W32.Ranky.FW -- is designed to turn the PC into a bot spam-zombie, and is spread using the conventional technique of asking recipients of a spam email to follow an embedded link.
According to Surfcontrol, the version detected by the company fails because of poor programming of defective compilation, but it remains a proof-of-concept in how to attack users using a simple combination of convincing elements.
Outwardly simple, the scam has a clever combination of tricks. Although using parts of established Web sites is standard in phishing scams, it is relatively unusual to go to the length of reproducing en entire page precisely, in combination with a convincingly spoofed Web address.
The fact that the spammed e-mail appears to come from Google could convince recipients to follow the link.
Beware of following links in unsolicited emails coming from people you don't know well. If in doubt type the URL directly into your browser's address-bar (location-bar in Mozilla) and search the site to see if the information is authentic. If you want to get the real Google Toolbar go to www.google.com and search for google+toolbar.
------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
<small>Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices</small>
<font size="1" color="#8e236b"><p align="center">[This message was edited by Wiz Feinberg on 21 July 2006 at 03:17 PM.]</p></FONT>
Fake version of Google Toolbar hides Trojan
Moderator: Wiz Feinberg
-
Wiz Feinberg
- Posts: 6117
- Joined: 8 Jan 1999 1:01 am
- Location: Mid-Michigan, USA
- State/Province: Michigan
- Country: United States
-
Gary Shepherd
- Posts: 2490
- Joined: 3 May 2004 12:01 am
- Location: Fox, Oklahoma, USA
- State/Province: Oklahoma
- Country: United States
I don't know why anyone uses ANY of those toolbars. I hate 'em.
------------------
Gary Shepherd
Carter D-10
www.16tracks.com
------------------
Gary Shepherd
Carter D-10
www.16tracks.com
-
Dave Potter
- Posts: 1568
- Joined: 15 Apr 2003 12:01 am
- Location: Texas
- State/Province: Texas
- Country: United States
-
Wiz Feinberg
- Posts: 6117
- Joined: 8 Jan 1999 1:01 am
- Location: Mid-Michigan, USA
- State/Province: Michigan
- Country: United States
Not all toolbars are harmful. Some include security features. It is important to research any toolbar one is contemplating installing.
------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
<small>Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices</small>
------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
<small>Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices</small>