June 20, 2006

Hackers use Google Pages to host Trojan horse

Jeremy Kirk, IDG News Service

Google's Web site hosting service is apparently being used by hackers to try to steal money using a malicious program, a security company said.

Security vendor Websense warned on Friday that a Trojan horse was hosted on a site with the same IP (Internet Protocol) address as the main Google Pages Web site, at http://googlepages.com. The page is no longer active, Websense said on Monday.

Trojan horses present themselves as legitimate programs but actually conceal malicious code inside. They can be engineered to steal information from computers and are frequently spread by unsolicited e-mails or via instant messaging (IM) links.

Users are enticed to open attachments or click on Web links to launch the Trojan, releasing the malicious code on their computer.

The Trojan appears to have been noticed before its authors managed to launch an attack, Websense said. The company has not yet detected e-mails or IM links leading back to the Trojan, which is designed to steal bank details relating to certain financial institutions.

The Trojan, also known as a "keylogger" for its ability to record keystrokes, is programmed to know when a user visits a bank site, and to then activate the keystroke recording function, said Ross Paul, a senior product manager at Websense.

Criminals often use free hosting services to post dangerous code, Paul said. "Anywhere there is anonymous access to create content is a pretty useful tool for criminals," he said.

The Trojan's file size has been reduced using ASPack, a file compression tool.

Google officials in London did not have an immediate response when contacted Monday morning.

Google Pages is the hosting complement of Google Page Creator, a free WYSIWYG (what you see is what you get) Web page editor that doesn't require HTML (Hypertext Markup Language) knowledge. Google Page Creator offers numerous templates and 100M bytes of storage for uploaded files and pages.

Within hours of its launch in February the service was taken down due to overwhelming demand. It was restored three days later.