Now there’s another source of potential malware to worry about. A researcher has released code that shows how a hacker can use the Google toolbar to get users to install malicious software or expose themselves to a phishing attack by installing a new toolbar button.
The report from TrendLabs Malware blog says that the attack uses a “…specially crafted link that refers to the button’s XML file, which when clicked displays a dialog box summarizing the details of the button to be installed.” The hacker manipulates the URL within the dialog to make it appear non-malicious by adding special redirector strings. This increases trust and improves the likelihood that the user will click on the link. Once the button is installed, the user must click the link to install the malicious code or launch a fake log-in process.
According to the report, Google classifies the attack as non-critical due to the steps required for its execution. Google is said to be looking at a way to fix the bug.
The attack affects Google Toolbar 4 for Internet Explorer and Firefox as well as Google Toolbar 5 for IE.
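The redirector trick described above means the host a user sees in the link is not necessarily the host that serves the button definition. The following is an added example, not code from the report or from Google: a defender's check that pulls any embedded destination out of a link and compares it with the displayed host. The host names, the allowlist and the sample links are all constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: hosts the reviewer trusts to serve button XML (constructed name).
TRUSTED_HOSTS = {"trusted.example"}
MAX_DEPTH = 5  # bound on nested or repeatedly percent-encoded redirect layers


def _decode(value):
    """Percent-decode until stable, so double-encoded targets are exposed."""
    for _ in range(MAX_DEPTH):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.strip()


def embedded_urls(url, depth=0):
    """Yield absolute http(s) URLs carried in the query or fragment of url."""
    if depth >= MAX_DEPTH:
        return
    parts = urlsplit(url)
    values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)] + [parts.fragment]
    for value in map(_decode, values):
        if value.startswith("//"):  # scheme-relative target
            value = (parts.scheme or "http") + ":" + value
        try:
            inner = urlsplit(value)
        except ValueError:  # malformed netloc, not a usable URL
            continue
        if inner.scheme in ("http", "https") and inner.hostname:
            yield value
            yield from embedded_urls(value, depth + 1)


def assess(link):
    """Return (host shown to the user, embedded destination hosts, suspicious)."""
    shown = (urlsplit(link).hostname or "").lower()
    dests = sorted({urlsplit(u).hostname.lower() for u in embedded_urls(link)})
    suspicious = shown not in TRUSTED_HOSTS or any(d not in TRUSTED_HOSTS for d in dests)
    return shown, dests, suspicious


# Constructed sample links; none is taken from the report.
SAMPLES = [
    "https://trusted.example/buttons/weather.xml",
    "https://trusted.example/redirect?u=http%3A%2F%2Funtrusted.example%2Fb.xml",
    "https://trusted.example/redirect?u=http%253A%252F%252Funtrusted.example%252Fb.xml",
]
```

A link is flagged when either the displayed host or any embedded destination falls outside the allowlist, which also covers double-encoded and scheme-relative targets.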