General discussion

Google IE toolbar 404 ?hijacking?

Feb 14 2008



Much has been written about the recent ?hijacking? of 404 pages by Google?s IE toolbar, causing a stir. Rather than rely on hearsay, we like to refer to the authoritative source about what Google has officially said about this.

In our research, we have discovered malicious sites returning HTTP 404 codes (indicating that the web site requested could not be found), and then turning around to serve a page that is filled with maliciousness for display as the error page, sneaky as that may sound. That being said, we do like the idea of having Google?s toolbar prevent the casual surfer from accidentally visiting a malware-laden 404 page.

However, Google?s IE toolbar only ?takes over? (we prefer that over ?hijack?) when the 404 page is less than 512 bytes, which somewhat reduces the protection it would have provided because in our experience, malicious 404 error pages are larger than 512 bytes.

More: http://www.websense.com/securitylabs/blog/blog.php?BlogID=172

Discussion is locked
Follow
Reply to: Google IE toolbar 404 ?hijacking?
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Google IE toolbar 404 ?hijacking?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments

CNET Forums