Quick Links: SpywareGuide Greynets Blog | SpywareGuide Product Database | SpywareGuide Company Database | SpywareGuide Categories
SpywareGuide powered by FaceTime Security Labs
Search SpywareGuide Greynets Database & Site
Security Email Alerts & Updates
Search the Blog
 
Recent Posts
Categories
Monthly Blog Archives
Links
Subscribe
Subscribe to this blog's feed
About the Blog
About SpywareGuide Greynets Blog
Link to Us
Link to SpywareGuide.com

The SpywareGuide Greynets Blog

Main

May 09, 2008

  • More Fake Instant Messaging Scams

Here's another fake Instant Messaging application from the creator of the fake Google Talk program currently in circulation. This time round, the victim is MSN Messenger:

http://blog.spywareguide.com/upload/2008/05/fakem1-thumb.gif
Click to Enlarge

Clicking the "Sign In" button opens up a smaller popup - asking you to fill in your .NET Passport details. Of course, filling in your details will result in a fake "Service could not be found message". Once you leave the PC, the attacker happily wanders over, browses to the C Directory and steals your login details.

These programs seem to be flavour of the month at the moment...

May 08, 2008

  • Fake GoogleTalk Application In The Wild

We're still trying to pin down exactly how new this is, but it seems someone has released a fake Google Talk application into the wild.

Compare the fake application on the left with the real thing on the right, and note the differences:

fakereal.jpg

Immediately, we can see that the real thing has a rounded curve at the top - the fake is blocky, and looks like a regular Windows application box. There's an "Inbox" link at the top when you start up the fake application - there isn't a link like that when firing up Google Talk for the first time. The Username / Password box is much lower down on the fake application, and (again) the real "Sign In" button is curved on the real application. Finally, you'll see "Forgot your account / Don't have an account" on the genuine Google Talk program - not so on the fake.

How does this work?

Well, the program doesn't connect to the Internet - for this attack to be successful, the hacker needs physical access to a PC that lots of people use. Could be a workplace PC, could be in a school, library, Net Cafe - anywhere where it's possible to run an executable file then retreat to a safe distance while the potential victim sits down and thinks "Just need to check something on IM..."

Assuming the victim enters their login details into the fake application, they will immediately see a fake error message, and probably think no more of it:

fakegoog2.jpg

Once they've finished whatever they were doing and left the PC, the attacker only has to sit down and browse to the C Drive where they'll see this:

fakegoog3.jpg

As you probably guessed, any all login details typed into the fake application will be stored in this text file:

fakegoog4.gif

We detect this application as Fake Googletalk.

Research Summary Write-Up: Chris Boyd, Director of Malware Research
Additional Research: Chris Mannon, FSL Senior Threat Researcher

Site EULA | Site Map | Contact Us | About Us | Site and Spyware FAQ | Advertise | RSS Feeds  | Link To Us | SpywareGuide JapanJapanese

© Copyright 2006, FaceTime Communications, Inc. All rights reserved.