As the following article by Ben Charney from eWeek shows, toolbars can make excellent pharming implements. I predicted this in one of my early blog postings, and of course it had to come true. Please note that I'm not hitting on Google – I'm pointing out a problem much broader than any one company or technology.
An Internet security specialist says a new threat forces computers to install faked Google software, which then goes phishing.
Phishing is where e-mails, IM (instant messages) or Web sites parody a legitimate company, and try to get users to provide personal information or financial account numbers and passwords.
I actually see this as pharming as much as phishing, since the toolbar resides on your PC and continues to harvest information. But hey! Maybe it does both at once!
The latest cases involve bogus Google software spread via IM, and appear to be a variety of the infamous CoolWebSearch phishing scheme, according to Foster City-Calif.-based FaceTime Security Labs. CoolWebSearch has never been spread via IM before.
In the recent cases, IM users unwittingly download a rogue tool bar, which is installed on a Web browser and provides easier access to an Internet search provider.
Tool bars also contain measures to block pop-up advertisements.
The only working feature on the fake Google Toolbar saves credit card details, according to Christopher Boyd, the security research manager of Foster City, Calif.-based FaceTime Security Labs. A bevy of others, including one to “enable pornographic ads,” do not work.
IM is increasingly a target of phishers, as the latest attacks show.
Some IM-related attempts date back to 2003.
Most recently, in early March, Yahoo Inc. confirmed that some of its Yahoo Messenger customers received a message that appears to be coming from a buddy-list contact.
Users can be lulled into directing a Web browser to a Yahoo Web page requesting log-in information for Yahoo accounts, according to an analysis by Akonix Systems Inc.
The cases in point appear similar to a rather infamous method of hijacking Web browsers known as CoolWebSearch, Boyd adds.
Instant messaging is increasingly a target of phishers, as the latest attacks show.
Some IM-related attempts date back to 2003. Most recently, in early March, Yahoo Inc. confirmed, came under attack through Yahoo Messenger, its IM service.
In the attack, users receive an IM message that often appears to be coming from a buddy-list contact.
The IM attempts to lull users into clicking on a URL, which then takes them to a spoofed Yahoo page requesting login information for their Yahoo accounts, according to an analysis by Akonix Systems Inc.
Let's work on holistic solutions that protect against these attacks and leverage progress made in one application across all others. As I told Mary Branscombe of the Guardian,
Improving site security with a better password system, or a toolbar that checks you are at the right site, can't fix a general security problem. “There are excellent people working on these things, but they can't counter current threats without changing the way computers behave in a distributed fashion,” Cameron says. “We need to work together.”