Google Toolbar Allows Phishing Attacks

Many bloggers love the Google toolbar because it shows that all-important green PageRank bar. Unfortunately, it seems that some of Google’s young, just-out-of-college, hot shot programmers got a little sloppy and left an exploit door wide open.

As usual, this exploit only affects the already security-troubled Microsoft Internet Explorer and apparently not Firefox or other browsers. Google is working on a fix, but from looking at their toolbar page it’s not clear whether a fix for the problem has been released. It doesn’t seem to be, but you can bet the espresso machines are working overtime and the Wii systems are going untouched at one area of the Googleplex.

According to security blogger Aviv Raff, the flaw is found in the code that the Google Toolbar uses to add new buttons to the browser. Because its security checks are lacking when a new button is installed, this leaves the door open for a malware site, spoofing a legitimate site, to deliver a malicious payload through one of those infamous "specially crafted links". Raff’s site has proof-of-concept code if you want to dig into the details.

How the Attack Goes Down

Fortunately, the attack requires positive user interaction.

First, you have to go to a malware distribution site. If you’ve been reading Vic’s blog you know how easy it is to get someone to do that with a compelling bait-and-switch ad tactic.

Next, the user has to OK the installation of a custom button. The social engineering trick here is that the button appears to come from a well-known, legitimate source.

Once the button is installed, the victim of the attack must click the button and agree to download and install an executable file that contains a malicious program.

Since the attack requires so many steps, it would take a user who is very trusting or very curious about the button. Therefore, most security experts have given the threat a low rating. However, it’s probably a good policy not to download add-on buttons for the Google Toolbar until Google releases a fix for this flaw. Or, just don’t use IE unless you absolutely have to.

What are your thoughts on this? Leave me a comment and let me know.



Comment by Gabriella
2007-12-21 21:21:02

Great article and this is the first I even heard about it. Just another reason why everyone should be using Firefox, especially people who don’t know why!

Comment by jfc
2007-12-21 21:48:40

Hi Gabriella,

The attack does work in Firefox although the location of the attack can’t be spoofed like it can in IE.

I hope you aren’t using that landing page with Google AdWords. They’ll probably kill you on the quality score. Promoting it using blog comments probably isn’t a good idea either.
