New Trojan Offers Google UpdateNew Trojan Offers Google Update

A new Trojan poses as a Google toolbar update, but it's really a botnet trap

Dark Reading logo in a gray background | Dark Reading

If you get an email from Google and follow its directions to update your toolbar, congratulations: You're now a bot.

The latest Google-related exploit, found by SurfControl, poses as a message from Google that takes users to a Website that's a replica of the popular search engine. Once you download the "update," however, you're "punk'd" by a Trojan into joining a spam botnet.

A bit of malformed code in the Trojan has kept it from spreading much, says Susan Larson, vice president of global threat analysis and research for SurfControl. The security company has seen just a handful of separate instances of the threat so far.

"We saw an executable that was malformed and wasn't operating properly," says Larson, who expects the Trojan to re-emerge in other iterations after the code is repaired. "And this code has been seen before."

Security experts say the clever look of this exploit may be new, but the attack mode is common. "This is simply a new variation of an old technique. Any semi-creative attacker is going to come up with a handful of new ways to do old things, like getting a bot installed on a PC," says Pete Lindstrom, research director for Spire Security. "We need to be catching this at the email gateway, not relying on any individual user."

This isn't the first time attackers have masqueraded as Google. Last year, a phishing email posing as a message from Google also offered toolbar updates via a link that loaded malware onto the user's system. Unlike the new bug, however, that exploit didn't direct the user to a fake Google Website, Larson says.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

About the Author

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with three decades of experience in reporting and editing for various technology and business publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was selected three consecutive times as one of the Top 10 Cybersecurity Journalists in the US, and was named as one of Folio's 2019 Top Women in Media. She has been with Dark Reading since its launch in 2006.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights