Malware Purveyors’ Latest Attack Exploits Google Wave’s Popularity

Researchers at the Web security firm Symantec have found that authors of malicious codes are now cashing in on people's interest in the new 'Wave' service of Google. The service is an online tool to conduct real-time collaboration and communication.

Reportedly, Symantec Security Response, which has identified the new vicious scam, has found that it entices consumers who are looking forward to join the community of Google Wave, via twin promises, one that offers a 'Google Wave' invite-generating application and another that offers scope for making profit via the sale of those invites to additional users interested in Wave. Further, the attack takes off with the spamming of a message via Internet forums, Twitter feeds or spam e-mails.

But, if users download the file, they would unwittingly install a backdoor Trojan on their systems, thus giving the attacker access to their computers.

Patrick Fitzgerald, security analyst at Symantec, stated that in addition to exploiting people's wide acceptance of the Google Wave, the attack also capitalizes on the trust people have in Google's name, to convince users that the file offered for download is genuine, reported v3.co.uk on November 3, 2009.

Fitzgerald further added that cybercriminals are utilizing Google Wave as a lure simply because it is currently so popular, adding that unfortunately the tactic is something scammers always employ; hence Internet users need to remain vigilant.

Meanwhile, Symantec has suggested certain security tips to consumers viz. they must be careful before deciding to click on any link, especially if the link appears to be from unfamiliar sources. Also, they must merely take down applications that genuine senders remit. In this regard, there is a webpage on the official website of Google Wave where users can ask for invites.

Additionally, Symantec recommends that users must deploy robust and up-to-date security software on their computers for detecting and removing malware.

In the meantime, attacks by malware distributors on the computers belonging to users interested in Google Waves are nothing new. During October 2009, Websense, another Internet security firm, warned that search for Google Wave-related phrases on Google search engine presented results which led surfers onto fake anti-virus websites that ultimately infected their computers.

Related article: Malware Authors Turn More Insidious

» SPAMfighter News - 11/13/2009