Mudcat Café message #1577736

The Mudcat Café ^TM
Thread #85084 Message #1577736
Posted By: JohnInKansas
07-Oct-05 - 04:22 AM
Thread Name: BS: Spybot software? Info, please.
Subject: RE: BS: Spybot software? Info, please.

It probably doesn't deserve a new thread, so here 'tis in the closest related recent place:

A recent report: eWeek: Fake Google Toolbars Go Phishing By Ben Charny, October 5, 2005, reports recent fake messages inviting people to install "updated" Google Toolbars. All functions of the fake toolbars are disabled, with the exception of a keystroke logger to collect your credit card numbers and passwords. (The "enable pornographic ads" function is among the many that don't work.)

Thus far, this Phishing exploit has appeared only in "Instant Messaging" (IM) but similar attacks may be expected via regular email. The IM messages are faked to look like they come from someone on your "buddy list" to make them look legitimate.

The attacks observed appear to use spyware based on "CoolWebSearch" which has been around for quite a while, and is one of those really nasty spyware kinds that often requires more than running an antispyware program for complete removal. (A specialized tool, CWShredder, is available and is frequently recommended if you happen to have run into the CoolWebSearch junk.)

The article notes that Yahoo confirmed in March that some users had been receiving fake IM messages, disguised to look like they came from "buddy list" people, that directed the recipients to fake websites that asked for Yahoo login and account information. Increased attacks via IM are predicted, and almost anything that works in IM may be expected to appear in email.

NEVER CLICK ON UNSOLICETED "OFFERS," even if they look like they came from a "friend." If you really want it, use your own browser and search tools to go to the source, confirm that it's real, and download direct.

NEVER GIVE PERSONAL INFO in response to an email or instant message. If you think someone needs info from you, use your own browser, or better your telephone, to go to a KNOWN GOOD point of contact and verify that the request is legitimate. Even if it's a legitimate request, personal info should NEVER be transmitted except via a SECURE link, indicated by BOTH an https:// addy and a "locked padlock" in the lower status bar.

John