Being the number one name on the Web and also offering so many useful services naturally attracts misuse by the shadier side of the Internet. We’ve written in the past about the abuse of google docs and spreadsheets. And in our Q1 trend report we discussed the high percentage of spam emails with forged sender addresses showing Gmail. But wait… there’s more. In this series we discuss 3 more examples where the legitimacy and trust conferred by the Google name has been misused:
1) Directing malware at Google group users
In Google’s words “Google Groups is all about helping users connect with people, access information, and communicate effectively over email and on the web.” It seems a distributor of a fake anti-virus installer agreed that Google Groups was the most helpful method to connect with people, trick them into downloading malware, and extort them. The message subject is “Shoking clip” (sic) and the body simply states “Omg – shocking clip! It may happen to you too”.
Curious clickers arrive at a Web page displaying a seemingly standard video player. Attempts to play the video produce a popup requiring installation of an “Active-X Patch”.
Clicking OK installs a nasty piece of scareware that prevents users from accessing files on their computers until they “activate” the new anti-virus software. The activation costs around $40 (with credit card details transferred to Internet lowlife).