Google Toolbar Scam Exposed

Discussion in 'other security issues & news' started by TeMerc, Oct 5, 2005.

Thread Status:
Not open for further replies.
  1. TeMerc

    TeMerc Registered Member

    Joined: Feb 1, 2004
    Posts: 127
    Location: PHX. AZ.

    This was first blogged about by Chris Boyd, aka Paperghost:

    They whacked Google!

    Full Read @ Vitalsecurity.org

    Shortly after, Sunbelt blogged it:
    Full Read @ Sunbelt blog

    Now comes the real breakdown and detailed analysis from SpywareGuide and Chris:

    The Rogue Google Toolbar: History and Variants
    by Christopher Boyd, Security Research Manager, FaceTime Security Labs


    Introduction

    There is currently a browser hijacker in circulation which installs a fake Google Toolbar, hijacking the HOSTS file to redirect most Google domains and placing a homepage hijacker in the Temporary Internet Files folder, from which an Internet Explorer based search engine claims to be powered by Google. The bundle also includes a rogue antispyware tool, called “World Antispy”.

    However – this attack, viewed out of context, does not build up a sufficient picture of the tactics / techniques used by the group responsible for the install. A press release by Panda Antivirus has covered the main features of this install here, and they had previously discovered an earlier version of this hijacker in April. Sunbelt Software also found a variant some weeks ago. But the group behind this has actually been trying to exploit Google since 2003.

    Through systematic research, Facetime Security Labs have found that there are three distinct versions of this attack, each one exploiting different security vulnerabilities and installing a different payload. Here is a HJT log from September 14th, 2003. Note the Google HOSTS file hijack. Here is a discussion thread that contains the same HOSTS file hijack, from even further back – July 9th, 2003. Finally, here is one more discussion of this infection technique from September 26th, 2003.

    Full Read @ SpywareGuide

    Related Article @ SpywareGuide
     
    Last edited: Oct 5, 2005
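
An added example, not part of the original post or the quoted article: a small audit for the HOSTS-file redirect that the article's introduction describes, flagging watched hostnames pinned to a routable address. The watched label `google` and the sample file (with addresses from the 203.0.113.0/24 documentation range) are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: brand labels to watch; the article only says "most Google domains".
WATCHED_LABELS = {"google"}

# Constructed sample, not taken from an infected machine.
SAMPLE = """\
# constructed hosts file
127.0.0.1      localhost
203.0.113.7    www.google.com google.com
203.0.113.7    WWW.Google.co.uk   # mixed case still matches
0.0.0.0        ads.example.net
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-format text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not an address: skip the line
        for name in fields[1:]:                   # one line may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(hostname):
    """True if any DNS label equals a watched brand (google.com, www.google.co.uk)."""
    return any(label in WATCHED_LABELS for label in hostname.split("."))

def find_redirects(text):
    """Return (line_no, ip, hostname) for watched names mapped to a routable address.

    Loopback and 0.0.0.0 targets are blocklist-style sinkholes, not redirects,
    so they are not reported.
    """
    return [
        (line_no, str(ip), name)
        for line_no, ip, name in parse_hosts(text)
        if is_watched(name) and not (ip.is_loopback or ip.is_unspecified)
    ]

if __name__ == "__main__":
    for line_no, ip, name in find_redirects(SAMPLE):
        print(f"line {line_no}: {name} -> {ip}")
```

To check a real machine, pass the contents of the system hosts file (on Windows, `%SystemRoot%\System32\drivers\etc\hosts`) to `find_redirects` instead of `SAMPLE`.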
  2. Tog

    Tog Guest

    Is the same happening to MSN?
    Set home page to MSN uk.
    Leave Hotmail and get redirected to MSN america!
    Reset home page etc etc
     