New Trojan Offers Google Update

A new Trojan poses as a Google toolbar update, but it's really a botnet trap

If you get an email from Google and follow its directions to update your toolbar, congratulations: You're now a bot.

The latest Google-related exploit, found by SurfControl, poses as a message from Google that takes users to a Website that's a replica of the popular search engine. Once you download the "update," however, you're "punk'd" by a Trojan into joining a spam botnet.

A bit of malformed code in the Trojan has kept it from spreading much, says Susan Larson, vice president of global threat analysis and research for SurfControl. The security company has seen just a handful of separate instances of the threat so far.

"We saw an executable that was malformed and wasn't operating properly," says Larson, who expects the Trojan to re-emerge in other iterations after the code is repaired. "And this code has been seen before."

Security experts say the clever look of this exploit may be new, but the attack mode is common. "This is simply a new variation of an old technique. Any semi-creative attacker is going to come up with a handful of new ways to do old things, like getting a bot installed on a PC," says Pete Lindstrom, research director for Spire Security. "We need to be catching this at the email gateway, not relying on any individual user."

This isn't the first time attackers have masqueraded as Google. Last year, a phishing email posing as a message from Google also offered toolbar updates via a link that loaded malware onto the user's system. Unlike the new bug, however, that exploit didn't direct the user to a fake Google Website, Larson says.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights