Sophos Uncovers Malware that Pretends to Be Google Buzz
Google’s new social networking service, Google Buzz, has been around for just a couple of days now. It was enough to spur a lot of interest in the service. On popular micro-blogging site Twitter for example, Google Buzz was one of the hottest topics. Furthermore, the Google Buzz team announced that tens of millions of people checked out the new service. Many started to use it – more than 9 million posts and comments were created in the 2 days since Google Buzz was launched. More than 200 posts are sent per minute from mobile phones.
Whenever something big happens, the people with malicious intent that lurk around the internet take interest. Take the Haiti earthquake for example. Barely had it struck that people with malicious intent were using the tragic even as a vector spread malware and scam people. With Google Buzz being such a hot topic on the internet, the bad guys couldn’t look away.
The first malware to exploit the Google Buzz hype has just been uncovered, announced Sophos, company that specializes in providing antivirus, anti-spam, spyware removal software, network and internet security, data protection, and computer security solutions.
“It has been barely two days since Google announced their new social integration and messaging tool called Google Buzz. Today we saw the first example of malware, W32/Zuggie-A, pretending to be Google Buzz. Analysis of W32/Zuggie-A gives the impression of a hastily assembled worm, really a modification of the W32/SillyFDC family of worms but with a twist,” explained Senior Technology Consultant with Sophos, Graham Cluley.
Cluley explained that when he launched Firefox on a machine infected with this malware, he uncovered the malware installed an extension called “Firefox security 2.0". The phony extension added a JavaScript that was triggered whenever the browser sends a query to search engines Yahoo!, Bing, Google, AOL, Ask.com. The extension executes JavaScript that clicks all adds displayed on the search results page.
“Google Buzz is new and is garnering quite a bit of interest and adoption among Internet users including myself,” added Graham Cluley. “Clearly the malware authors view Google Buzz as the fresh big lucrative social fruit to exploit much like they have done with Facebook, MySpace, Hi5 and others. So in the coming weeks and months I predict we will see a host of new malware exploiting or attempting to exploit Google Buzz as the malware authors figure out its internals. This may have only been an exploratory attempt or a quick response to the latest craze - only time will tell.”
Whenever something big happens, the people with malicious intent that lurk around the internet take interest. Take the Haiti earthquake for example. Barely had it struck that people with malicious intent were using the tragic even as a vector spread malware and scam people. With Google Buzz being such a hot topic on the internet, the bad guys couldn’t look away.
The first malware to exploit the Google Buzz hype has just been uncovered, announced Sophos, company that specializes in providing antivirus, anti-spam, spyware removal software, network and internet security, data protection, and computer security solutions.
“It has been barely two days since Google announced their new social integration and messaging tool called Google Buzz. Today we saw the first example of malware, W32/Zuggie-A, pretending to be Google Buzz. Analysis of W32/Zuggie-A gives the impression of a hastily assembled worm, really a modification of the W32/SillyFDC family of worms but with a twist,” explained Senior Technology Consultant with Sophos, Graham Cluley.
Cluley explained that when he launched Firefox on a machine infected with this malware, he uncovered the malware installed an extension called “Firefox security 2.0". The phony extension added a JavaScript that was triggered whenever the browser sends a query to search engines Yahoo!, Bing, Google, AOL, Ask.com. The extension executes JavaScript that clicks all adds displayed on the search results page.
“Google Buzz is new and is garnering quite a bit of interest and adoption among Internet users including myself,” added Graham Cluley. “Clearly the malware authors view Google Buzz as the fresh big lucrative social fruit to exploit much like they have done with Facebook, MySpace, Hi5 and others. So in the coming weeks and months I predict we will see a host of new malware exploiting or attempting to exploit Google Buzz as the malware authors figure out its internals. This may have only been an exploratory attempt or a quick response to the latest craze - only time will tell.”
