Author Topic: I googlebared a virus..  (Read 1586 times)

Offline W1nTry

  • Administrator
  • Akatsuki
  • *****
  • Posts: 11329
  • Country: tt
  • Chakra 109
  • Referrals: 3
    • View Profile
  • CPU: Intel Core i7 3770
  • GPU: Gigabyte GTX 1070
  • RAM: 2x8GB HyperX DDR3 2166MHz
  • Broadband: FLOW
  • Steam: W1nTry
  • XBL: W1nTry
I googlebared a virus..
« on: December 19, 2007, 04:18:56 PM »
Quote
Unpatched Google Toolbar Flaw Presents ID Theft Risk
By Ryan Naraine
December 18, 2007

A hacker finds a way to use a booby-trapped Web page to trick Google Toolbar users into adding malicious buttons to the browser.
   

 Be the first to comment on this article


A dialog spoofing vulnerability in the popular Google Toolbar could be exploited by malicious hackers to execute malicious files or launch identity theft attacks, according to a warning from security researcher Aviv Raff.
ADVERTISEMENT

Raff, a well-known hacker who regularly finds and reports software vulnerabilities, figured out a way to use a booby-trapped Web page to trick Google Toolbar users into adding malicious buttons to the toolbar.

In an IM interview with eWEEK, Raff said multiple versions of the toolbar allows spoofed information to be presented to the user when adding a new browser toolbar icon/button.

eWEEK.com Special Report: Exploiting Google

"This can allow an attacker to convince the users that his button comes from a trusted domain. This button can then be used to download malicious files or conduct phishing attacks," Raff said in an advisory.

eWEEK has confirmed the bug on the Google Toolbar 5 beta for Internet Explorer. Raff said the production version (Google Toolbar 4) for both Microsoft's Internet Explorer and the open-source Firefox browsers is also affected.

Google has been notified and is working on a fix, Raff said. eWEEK.com Special Report: Browser Security

"An attacker can use this vulnerability to gain the victim's trust to add and use the button, and by that the victim will trust the files that the button offer, or enter private information. In the new beta version of the toolbar, it is also possible to alert the user every few seconds to click on the button," Raff said.

The researcher has released a proof-of-concept exploit to demonstrate how a specially rigged Web page can trick a user into believing third-party toolbar buttons are being downloaded from Google's domain.

In the absence of a fix, Raff suggested that Google Toolbar users avoid adding new buttons.

Carigamers

I googlebared a virus..
« on: December 19, 2007, 04:18:56 PM »

Offline daniboy79

  • Kage
  • ****
  • Posts: 1004
  • Chakra 9
  • Referrals: 0
    • View Profile
Re: I googlebared a virus..
« Reply #1 on: December 19, 2007, 04:26:36 PM »
hence i have NO use for Toolbars of any kind! :violent5:
Antec 900
Gigabyte EP35-DS3L
Intel Q6600 with Tt TMGi1 HSF
2GB Crucial Ballistix Tracer PC2 6400 (4,4,4,12)
eVGA GeForce 8800GTS 640MB
Maxtor-DM21 250GB  SATAII
Seagate 500GB SATAII
Acer AL2223Wd 22" Monitor
Logitech Z5500 5.1 Surround Monitors

Offline New Era Outlaw

  • Divides by Zero
  • Akatsuki
  • *****
  • Posts: 4793
  • Country: 00
  • Chakra 131
  • The prodigal gunslinger returns.
    • PS3, PS4
  • Referrals: 0
    • View Profile
  • PSN: RyRodrigo
Re: I googlebared a virus..
« Reply #2 on: December 19, 2007, 05:45:52 PM »
hence i have NO use for Toolbars of any kind! :violent5:

Quoted for truth. Those things are a damn nuisance, anyway.

Carigamers

Re: I googlebared a virus..
« Reply #2 on: December 19, 2007, 05:45:52 PM »

 


* ShoutBox

Refresh History
  • Crimson609: yea everything cool how are you?
    August 10, 2022, 07:26:15 AM
  • Pain_Killer: Good day, what's going on with you guys? Is everything Ok?
    February 21, 2021, 05:30:10 PM
  • Crimson609: BOOM covid-19
    August 15, 2020, 01:07:30 PM
  • Shinsoo: bwda 2020 shoutboxing. omg we are in the future and in the past at the same time!
    March 03, 2020, 06:42:47 AM
  • TriniXjin: Watch Black Clover Everyone!
    February 01, 2020, 06:30:00 PM
  • Crimson609: lol
    February 01, 2020, 05:05:53 PM
  • Skitz: So fellas how we go include listing for all dem parts for pc on we profile but doh have any place for motherboard?
    January 24, 2020, 09:11:33 PM
  • Crimson609: :ph34r:
    January 20, 2019, 09:23:28 PM
  • Crimson609: Big up ya whole slef
    January 20, 2019, 09:23:17 PM
  • protomanex: Gyul like Link
    January 20, 2019, 09:23:14 PM
  • protomanex: Man like Kitana
    January 20, 2019, 09:22:39 PM
  • protomanex: Man like Chappy
    January 20, 2019, 09:21:53 PM
  • protomanex: Gyul Like Minato
    January 20, 2019, 09:21:48 PM
  • protomanex: Gyul like XJin
    January 20, 2019, 09:19:53 PM
  • protomanex: Shout out to man like Crimson
    January 20, 2019, 09:19:44 PM
  • Crimson609: shout out to gyal like Corbie Gonta
    January 20, 2019, 09:19:06 PM
  • cold_187: Why allur don't make a discord or something?
    December 03, 2018, 06:17:38 PM
  • Red Paradox: https://www.twitch.tv/flippay1985 everyday from 6:00pm
    May 29, 2018, 09:40:09 AM
  • Red Paradox: anyone play EA Sports UFC 3.. Looking for a challenge. PSN: Flippay1985 :)
    May 09, 2018, 11:00:52 PM
  • cold_187: @TriniXjin not really, I may have something they need (ssd/ram/mb etc.), hence why I also said "trade" ;)
    February 05, 2018, 10:22:14 AM

SimplePortal 2.3.3 © 2008-2010, SimplePortal