Press Release
FaceTime Identifies Fake Google Toolbar Propagated Thru Instant Messaging and
Internet Relay Chat
Forensic Data from FaceTime Security Labs Points to a 'CWS' Variant
FOSTER CITY, CALIF. - October 5, 2005 - FaceTime today warns users about
malicious links being spread through instant messaging (IM) and Internet Relay
Chat (IRC) that download a rogue, fake Google toolbar and adware onto users'
machines and redirect users to a page collecting credit card information.
This complex phishing scheme, which takes advantage of Google's trusted brand,
borrows exploits of an application commonly referred to as "CoolWebSearch,"
although it is still unclear who is responsible for the scheme.
FaceTime researchers warned of two URL links involved with a browser
hijacker currently in circulation. These links lead users to a Web page which
begins the install and calls a Windows Help File. Once this happens, the full
install is launched and the HOSTS file hijack is inserted; the fake Google
toolbar appears upon reboot, and the anti-spyware program known as "World
Antispy" launches. The fake toolbar performs a browser redirect on most Google
domains. Users may also experience a pop-up window which asks for credit card
information. Through systematic research, FaceTime Security Labs have found
that there are three distinct versions of this attack, each one exploiting
different security vulnerabilities and installing a different payload using
different vectors, including IM and IRC.
"Hackers are clearly using new vectors such as IM to take advantage of
reputable, trusted brands such as Google," said Chris Boyd, Senior Researcher
at FaceTime Security Labs. "Our research finds that this phishing scam is
financially motivated by a third party using incredibly elaborate bundles that
deliver a rogue Google toolbar with many of the same elements as the real
Google toolbar."
What Customers Can Do to Prevent these Installs
FaceTime Enterprise Edition and IMAuditor customers can proactively block these
malicious links and prevent infections before they happen by blocking downloads
of the specific executable files associated with the threat. For more
information, visit FaceTime Security Labs' reference site at spywareguide.com:
http://spywareguide.com/articles/dissection_of_rogue_google_too_88.html
About FaceTime Communications
FaceTime Communications enables the safe and productive use of instant
messaging, Web usage and Unified Communications platforms. Ranked number one by
IDC for four consecutive years, FaceTime's award-winning solutions are used by
more than 900 customers – including nine of the 10 largest U.S. banks – for
security, management and compliance of real-time communications. FaceTime
supports or has strategic partnerships with all leading public and enterprise
IM network providers, including AOL, Google, Microsoft, Yahoo!, Skype, IBM and Jabber.
FaceTime is headquartered in Belmont, California. For more information visit
http://www.facetime.com or call 888-349-FACE.
The FaceForward blog, at http://blog.facetime.com,
offers thoughts and opinions about the changing nature of Internet communications.
PR Contact:
Emily Chamberlin
650-762-2945
echamberlin@ar-edelman.com