BEWARE: phony Google Toolbar plug-in

Status
Not open for further replies.
D

DelJo63

July 21, 2006 (TechWorld.com) -- Bot-herders have set up an exact copy of the download page for Google’s Toolbar plug-in in an attempt to lure users to download a Trojan backdoor.

Reported by security outfit Surfcontrol, some versions of the scam even spoof the correct Google Toolbar web address for Internet Explorer, using Google’s own redirection service in an attempt to hide the real, non-Google address.

The Trojan itself - W32.Ranky.FW - is designed to turn the PC into a bot zombie, and is spread using the conventional technique of asking recipients of a spam email to follow an embedded link.

According to Surfcontrol, the version detected by the company fails because of poor programming of defective compilation, but it remains a proof-of-concept in how to attack users using a simple combination of convincing elements.
 
Status
Not open for further replies.
Back