Google toolbar exposes PCs to attack

By Matthew Broersma, ZDNet.co.uk, 9 August, 2002 11:26

NEWS

An Israeli security firm has discovered a security vulnerability in Google's Internet Explorer toolbar that could allow an attacker to run malicious code on a user's PC, read private files, and carry out other intrusions. According to GreyMagic Software, a flaw in the Google Toolbar version 1.1.58 and earlier allows an attacker to embed code in any Web page that fools the toolbar into executing the attacker's commands. These commands can include altering the toolbar's parameters, which allows the attacker to hijack searches, alter the appearance of the toolbar or uninstall it completely. It also, more dangerously, allows the attacker to execute code on the user's PC. Google issued a new version of the toolbar fixing the problem, via its automatic update feature, on Wednesday. As of Friday, the current version of the toolbar is 1.1.60. GreyMagic's exploits centre around the fact that the toolbar uses simple URLs to control the software's features or execute scripts. Changes to the toolbar settings are made via a URL such as "http://toolbar.google.com/command?(changes here)", and scripts can be executed at "http://toolbar.google.com/command?script=(any script)". The toolbar only allows changes to take place if the document being viewed in the browser is in the google.com domain, or is viewing any location using a special "resource" protocol, meant for accessing system resources on the local computer. (Resource protocol addresses take the form "res://(address)".) However, GreyMagic demonstrated that this restriction could be easily circumvented by opening a "res://" or google.com page, and then using a script to change the URL to the desired malicious address. All a Google Toolbar user would have to do would be to visit a particular URL -- which could be distributed through an email, for example -- and a script embedded in the page could read files on the user's hard disk, alter the configuration of the toolbar to hijack searches or execute malicious commands. Since the commands can be executed in the "My Computer" security zone, they do not have many restrictions. GreyMagic said that several demonstrations of such exploits are available on its Web site.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section. Have your say instantly, and see what others have said. Go to the Security forum. Let the editors know what you think in the Mailroom.

Talkback

I don't know who to turn to because the company I got my computer from and my broadband server don't know anything about it but I was off line for some time while my computer got repaired and cleaned of viruses.

When I got back on I immediately got a bug and a worm. I got virus scan and firewall and got rid of them. I had spyware and I think they were from junk e mails. I spent many hours deleting junk and repeated e mails over and over and over. They keep coming back! I can't get rid of them! What can I do?

via Facebook 7 August, 2004 22:38

First thing.. if running XP turn off the system restore feature! Then run all updates from Microsoft and a full virus scan. You could also try Spybot - search in goolge for it.

via Facebook 9 August, 2004 10:39

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

ZDNet UK Live

I think WinRT is fantastic. I just wish it was an option for people that didn't want to go through Microsoft's App Store with its attendant...

3 hours ago by 45283 on Why Windows 8 needs architectural hygiene for WOA

Nine people? £30m? Who's back pocket is that lot going in? And IF they say it is for new buildings, what about all the ones the government has...

4 hours ago by Burn-IT on Police set to launch three £30m e-crime hubs

Just to be clear, nobody knows what is in the text of ACTA, here is a photograph of the text of ACTA http://twitpic.com/8h9iju as submitted to the...

4 hours ago by ewallace on ACTA: Facts, misconceptions and questions

Unfortunately main issue is that ASUS is refusing to accept that they make some mistake on this version of asus Transformer prime. 1 - GPS sensor...

5 hours ago by fgvrg56 on Asus Eee Pad Transformer Prime Wi-Fi & GPS problems?

@Marcus A fair question. Just talked with Archos which said it was working on an announcement for next week....

6 hours ago by Ben Woods on Archos confirms G9 Ice Cream Sandwich update schedule

Any update on this, considering the claimed "first week of February"?

7 hours ago by Marcus Karlsson via Facebook on Archos confirms G9 Ice Cream Sandwich update schedule

Bill Goodrich : Just as al_langevin pointed out, with Windows Server 2008 there is no Services for Macintosh anymore. It's gone, not available....

16 hours ago by apexwm on Windows Server 2008 drops the ball for Mac compatibility

Replying to an old topic that I'm currently facing with my CEO (who is on a Mac). Our servers are primarily Windows Servers, office is about...

22 hours ago by txtrainguy on Windows Server 2008 drops the ball for Mac compatibility

Sure, that makes perfect sense. Pay wrong-doers money and thank them for breaching your security and pointing out your flaws, that would surely...

23 hours ago by k0tcs3 on US indicts Romanian over NASA climate change hack

I think he's referring specifically to Android apps, as Apple do regulate their App Store, but Google seem to let any old crap onto the Android store!

23 hours ago by Random_Error on RIM: BlackBerry will keep 'garbage' apps out of store