Phishy Google Toolbar
Facetime's senior researcher Chris Boyd warned that two URL links are in circulation over instant messaging (IM) and internet relay chat (IRC) channels. Both links lead the nave to a page which, among other actions, installs and launches a phony Google toolbar, hijacks the Windows HOSTS file, and adds the anti-spyware program known as "World Antispy". The toolbar, in connection with the rewritten HOSTS file, redirects most Google addresses and pops up a window asking for credit card information.
IMlogic, another IM security vendor, said in its alert that the IM side of the attack was limited to Yahoo Messenger users, and the hack was using some of the same vulnerabilities in Microsoft's Internet Explorer as the infamous CoolWebSearch, the broad name given to a line of sneaky software that has in the past been dubbed "the Ebola of adware". This is the first known instance of a CoolWebSearch-style attack being propagated over an IM network.