CNET también está disponible en español.

Ir a español

Don't show this again

Phishers lie in wait for Google searchers

Many are setting up legitimate looking e-commerce sites that disguise links to malicious software as pictures of goods on sale, firm says.

Security
Phishers are setting up fraudulent e-commerce Web sites and simply waiting for victims using Google and other search engines to find them, a security company has warned.

Traditionally, phishing scammers have lured their victims to fraudulent Web sites by sending official-looking e-mails that are ostensibly from well-known companies asking users to 'verify' their user names and passwords. Now many are setting up legitimate looking e-commerce sites that disguise links to malicious software as pictures of goods on sale, CyberGuard said Wednesday.

Paul Henry, a senior vice president at CyberGuard, said that when Web shoppers search the Internet looking for products they want to buy, they could be directed to a plausible e-commerce site that instructs them to "Click here to download images" of the product.

Henry said that instead of linking to pictures of the advertised product, the links point to a self-extracting Zip file that installs a Trojan horse on the victim's computer. The program could then steal personal and financial information.

"If it looks too good to be true, it probably is. Don't let the Grinch steal your Christmas," Henry said.

The warning comes a week after the Anti Phishing Work Group, or the APWG, said it suspected that a phishing tool kit, which could help create and automate phishing attacks, was being distributed on the Internet.

In early November, e-mail security company Messagelabs warned of a new phishing method that did not require the user to open an e-mail attachment or click a link.

Messagelabs said it had discovered some malicious e-mails that, when viewed, could run a script that manipulated certain files on the victim's computer. The next time that computer attempted to log on to a legitimate banking site it would automatically be redirected to a fraudulent Web site.

Munir Kotadia of ZDNet Australia reported from Sydney.

Close
Drag
Autoplay: ON Autoplay: OFF