Quick Links: SpywareGuide Greynets Blog | SpywareGuide Product Database | SpywareGuide Company Database | SpywareGuide Categories
SpywareGuide powered by FaceTime Security Labs
Search SpywareGuide Greynets Database & Site
Security Email Alerts & Updates
Search the Blog
Recent Posts
Monthly Blog Archives
Subscribe to this blog's feed
About the Blog
About SpywareGuide Greynets Blog
Link to Us
Link to SpywareGuide.com

« Random Skype Conversations With A Bulgarian...Sort Of | Main | More Fake Instant Messaging Scams »

  • Fake GoogleTalk Application In The Wild

We're still trying to pin down exactly how new this is, but it seems someone has released a fake Google Talk application into the wild.

Compare the fake application on the left with the real thing on the right, and note the differences:


Immediately, we can see that the real thing has a rounded curve at the top - the fake is blocky, and looks like a regular Windows application box. There's an "Inbox" link at the top when you start up the fake application - there isn't a link like that when firing up Google Talk for the first time. The Username / Password box is much lower down on the fake application, and (again) the real "Sign In" button is curved on the real application. Finally, you'll see "Forgot your account / Don't have an account" on the genuine Google Talk program - not so on the fake.

How does this work?

Well, the program doesn't connect to the Internet - for this attack to be successful, the hacker needs physical access to a PC that lots of people use. Could be a workplace PC, could be in a school, library, Net Cafe - anywhere where it's possible to run an executable file then retreat to a safe distance while the potential victim sits down and thinks "Just need to check something on IM..."

Assuming the victim enters their login details into the fake application, they will immediately see a fake error message, and probably think no more of it:


Once they've finished whatever they were doing and left the PC, the attacker only has to sit down and browse to the C Drive where they'll see this:


As you probably guessed, any all login details typed into the fake application will be stored in this text file:


We detect this application as Fake Googletalk.

Research Summary Write-Up: Chris Boyd, Director of Malware Research
Additional Research: Chris Mannon, FSL Senior Threat Researcher

  • TrackBack

TrackBack URL for this entry:

  • Comments

It's originalish as far as I can tell. I've never seen a program that phishes you and keeps the details ON the computer, instead of sending it somewhere else.
Good read as usual! Keep it coming!

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Site EULA | Site Map | Contact Us | About Us | Site and Spyware FAQ | Advertise | RSS Feeds  | Link To Us | SpywareGuide JapanJapanese

© Copyright 2006, FaceTime Communications, Inc. All rights reserved.