Phishers Create URLs on Google Gadget Domain

The domain that hosts Google Gadget or small applications that Web developers write are capable of misappropriation by phishers, according to a Web researcher on Friday August 17, 2007.

Google Gadgets collect information and data on the Web to subsequently show them on different Web pages. This is an easy way for Webmasters to display various kinds of data on their Websites ranging from astronomical data to sports scores.

Unfortunately, phishers can misuse them to escape anti-phishing filters. These attackers could set up a phishing website on Google's gmodules.com domain and then send the URL to potential victims. Since the gmodules.com domain enjoy the trust of anti-phishing filters, users under attack might visit the phishing URL without receiving any warning by the filtering software on their browser.

Robert Hansen, a researcher on computer security, reported the problem to Google's security group but he didn't receive a satisfactory response. Google told Hansen that the issue he considers as a security flaw is actually the site's normal behavior. Hansen could not reach Google for immediate comment.

Google should prevent using the gmodule.com domain for URLs to stop online criminals from using it. If Google does nothing with this domain, fraudsters will surely use it for attacks, said Hansen. Infoworld published this in news on August 17, 2007.

Such attacks are likely to be inevitable. However, a vigilant surfer on the Web might not enter his private or financial information on any site that this domain hosts.

It may not be possible to restrict phishers from misusing such sites if Google allows its users to write content. They need to make this easily accessible domain arrest modules that malicious people write. The model is not an unreasonable one, and this is what they can best do to host material that other parties create without themselves being attacked, said Alex Stamos, a researcher with Isec Partners. Computer World published this in news on August 20, 2007.

Phishing assaults are progressively increasing day after day. In addition, major companies like Google are not doing their job responsibly enough, which exposes their users to such attacks.

Related article: Phishers Expand Their Sphere of Attacks

» SPAMfighter News - 9/3/2007