Google Toolbar: A New Malware Threat

Google Toolbar: A New Malware Threat

Summary: Now there’s another source of potential malware to worry about. A researcher has released code that shows how a hacker can use the Google toolbar to get users to install malicious software or expose themselves to a phishing attack by installing a new toolbar button.

SHARE:

Now there’s another source of potential malware to worry about. A researcher has released code that shows how a hacker can use the Google toolbar to get users to install malicious software or expose themselves to a phishing attack by installing a new toolbar button.

The report from TrendLabs Malware blog says that the attack uses a “…specially crafted link to that refers to the button’s XML file, which when clicked displays a dialog box summarizing the details of the button to be installed.” The hacker manipulates the URL within the dialog to make it appear non-malicous by adding special redirector strings. Trust is increased, improving the likelihood that the user will click on the link. Once installed, the user must click the link to install the malicious code or launch a fake log-in process.

According to the report, Google classifies the attack as non-critical due to the steps required for its execution. Google is said to be looking at a way to fix the bug.

The attack affects Google Toolbar 4 for Internet Explorer and Firefox as well as Google Toolbar 5 for IE.

Topics: Security, Browser, Google, Malware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

9 comments
Log in or register to join the discussion
  • Due to the potential of attack

    a number of Google apps aren't installed on end-user PCs at work, not because they were at the time a threat, but just due to its growth, it's potential misuse and misplace in the workplace, the toolbar itself seemed more hassle than help anymore.
    Boot_Agnostic
    • Google Toolbar

      I absolutely agree with Boot_Agnostic.
      C4Ever
  • No Problem

    Unless one uses Microsoft, this is no problem, right?
    epcraig
  • After Secunia issued a warning to remove...

    the Google toolbar 3.x, I tried to do this and found out it is impossible to do this.. I followed every advisory and source I could find for Windows IE 7 and none of the workarounds did any good. I finally simply deleted the execution file out of pure frustration. But I left the newer ones there out of fear I would foul up my browser installation.

    I now want to get rid of all Google tool bar remnants in my system and their are no instructions anywhere on how to do this safely; and that actually do remove the toolbar.

    And don't tell me to go to Add-Remove programs as it is not listed there! I've been there and done that and more; and those solutions don't work. In fact they don't even disable the tool bar.
    JCitizen
    • You can get rid of...

      You can get rid of the BHO using Windows Defender, or any of several other tools that list Browser Helper Objects installed on the system.
      Dr. John
    • Forgot...

      http://www.google.com/support/toolbar/bin/answer.py?answer=9231&query=uninstall&topic=&type=&hl=en has the info for uninstalling it.
      Dr. John
      • Thanks for the rep Doc but that doesn't work..

        I don't completely understand the search bar in the header of IE 7; but I assumed I never had the Google bar until Secunia's PSI found the files and warned about end of life status. When I searched this file I found execution files for versions 3, 4, and 5.x.

        Perhaps these files are only used if you pick Google as your homepage; but my firewall had been reporting that Google's notification script was constantly contacting Google to check for toolbar highjacking. This and the information from PSI(Personal Software Inspector) make for a lot of confusion; especially on the warning messages that indicate google tool bar IS installed when it supposedlhy is not.

        Very confusing!
        JCitizen
  • All toolbars are bad

    I have recently built a system myself so I had total control on what is installed; I have none of the cr*pware that usually come with a retail PC such as Dell and HP it is surprising how much better it runs. Those toolbars don't add enough value to be worth installing. After all, it is little more than a Google ad sitting on top of your browser every time that you start the browser, isn't it?
    balsover
    • Works Fine for Me

      Using OS X 10.4.11 Tiger.

      In addition to a search of my computer, applications can be started by as little as four
      keystrokes or about a half seconds. This is faster and easier than a mouse.
      msackett