All your Googles are belong to us: Look out for the Google Docs phishing worm

by
Sean Gallagher
from Ars Technica - All content on (#2N8EM)
bademail-1.jpg

Enlarge / Don't click.

A widely reported e-mail purporting to be a request to share a Google Docs document is actually a well-disguised phishing attack. It directs the user to a lookalike site and grants the site access to the target's Google credentials. If the victim clicks on the prompt to give the site permission to use Google credentials, the phish then harvests all the contacts in the victim's Gmail address book and adds them to its list of targets.

The phish appears to have been initially targeted at a number of reporters, but it quickly spread widely across the Internet. Some of the sites associated with the attack appear to have been shut down.

The e-mail uses a technique that a Trend Micro report linked last week to Pawn Storm, an ongoing espionage campaign frequently attributed to Russian intelligence operations. The attack uses the OAuth authentication interface, which is also used by many Web services to allow users to log in without using a password. By abusing OAuth, the attack is able to present a legitimate Google dialogue box requesting authorization. However, the authentication also asks permission for access to "view and manage your e-mail" and "view and manage the files in your Google Drive."

Read 3 remaining paragraphs | Comments

index?i=Fq-nf0xsnTo:xbLF1fi-anc:V_sGLiPB index?i=Fq-nf0xsnTo:xbLF1fi-anc:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments