FOSTER CITY, CALIF. - October 5, 2005 -
FaceTime today warns users about malicious links being spread
through instant messaging (IM) and Internet Relay Chat (IRC) which
downloads a rogue, fake Google toolbar and adware on users machines
and re-directs users to a page collecting credit card information.
This complex phishing scheme which takes advantage of Google's
trusted brand, borrows exploits of an application commonly referred
to as "CoolWebSearch," although it is still unclear on who is
responsible for the scheme.
FaceTime researchers warned of two URL links to be involved with
a browser hijacker currently in circulation. These links lead users
to a Web page which begins the install and calls a Windows Help
File. Once this happens, the full install is launched and the HOSTS
file hijack is inserted, the fake Google toolbar appears upon
reboot and the anti-spyware program known as "World Antispy"
launches. The fake toolbar performs a browser redirect on most
Google domains. Users may also experience a pop-up window which
asks for credit card information. Through systematic research,
FaceTime Security Labs have found that there are three distinct
versions of this attack, each one exploiting different security
vulnerabilities and installing a different payload using different
vectors, including IM and IRC.
"Hackers are clearly using new vectors such as IM to take
advantage of reputable, trusted brands such as Google," said Chris
Boyd, Senior Researcher at FaceTime Security Labs. "Our research
finds that this phishing scam is financially motivated by a third
party using incredibly elaborate bundles that deliver a rogue
Google toolbar with many of the same elements as the real Google
toolbar."
What Customers Can Do to Prevent these
Installs
FaceTime Enterprise Edition and IMAuditor customers can
proactively block these malicious links and prevent infections
before they happen by blocking downloads of the specific executable
files associated with the threat. For more information, visit
FaceTime Security Labs' reference site at spywareguide.com: http://spywareguide.com/articles/dissection_of_rogue_google_too_88.html
About Actiance, Inc. (Formerly FaceTime Communications, Inc.)
FaceTime Communications became Actiance, Inc on January 11, 2011 following an agreement to
transfer the FaceTime trademark to Apple.
FaceTime Communications enables the safe and productive use of Unified Communications and Web 2.0,
including instant messaging, blogs and social networking. Ranked number one by IDC for five consecutive
years, FaceTime's award-winning solutions are used by more than 1,500 customers for the security,
management and compliance of real-time communications. FaceTime supports or has strategic partnerships
with all leading IM, unified communications providers and social networks including AOL, Google, Yahoo!,
Skype, Microsoft, IBM, Cisco, Facebook, LinkedIn and Twitter.
FaceTime is headquartered in Belmont, California. For more information visit
http://www.facetime.com or call 888-349-3223.
PR Contact Information: