RealTime IT News

Online Trust Takes a Hit in Gmail Chat Phishing

Security expert are warning that a phishing attack on Google's Gmail's chat feature not only poses a danger to users, but could be a harbinger of things to come.

The attackers sent victims an instant message urging them to click a TinyURL link to check out a video. TinyURL.com is a service that shortens lengthy hyperlinks, making them easier to remember and share. But it's also been used in a number of recent cases to obscure the origin of malicious links.

Clicking on that link then took victims to a Web site, ViddyHo.com, where they were asked for their Google (NASDAQ: GOOG) Account user name and password, according to Graham Cluley, a senior technology consultant at security consultancy Sophos.

Experts said that as a result of the attack, hackers could leverage the identities they steal to spawn new threats -- with the added advantage that they'll be originating from Google sites.

"The phishers behind the ViddyHo attack can use the stolen accounts to send spam through Gmail and host malware on Google Blogspot sites," Stephan Chenette, manager of security research at Internet security vendor Websense (NASDAQ: WBSN), told InternetNews.com.

The attack comes as the latest example of how phishers and hackers are seeking ways to leverage Web sites' good names to nefarious ends. Security experts say that attacks through social networking sites and other trusted sources such as Google threaten to break the trust model on which the Web is based.

"We'll see even more of these attacks in 2009," Chenette said.

Sophos' Cluley told InternetNews.com that hackers are especially eager to take advantage of users' relationships through instant messaging and social networking sites.

"You're more likely to click on an IM or message from a friend than a stranger," he said.

Tracking a phisher

It's unclear who's responsible for this latest attack. According to WHOIS records, the ViddyHo.com site is owned by a company called HappyAppy, and is hosted by free domain name server (DNS) and Web host FreeDNS.afraid.org.

Calls to the contact listed in WHOIS for HappyAppy were not returned by press time.

Joshua Anderson, FreeDNS.afraid.org's senior administrator, told InternetNews.com in an e-mail that his organization suspended HappyAppy's account Tuesday afternoon after learning the domain could have been used for the attack.

Anderson said he has yet to hear from ViddyHo.com's owner. However, he added said that HappyAppy may not necessarily be responsible for the attack, since its site may have been hacked.

"If this is the case, we hope the domain owner is able to safely correct and mitigate the issue so that service may be restored," Anderson said. "The DNS was suspended only to mitigate any possible threat to the Internet as per our terms of service."

Page 2: Trust under siege