Google Toolbar error opens the PC door for hackers

Security researcher Aviv Raff recommends that Google Toolbar users avoid adding new buttons to the toolbar or they will be infected with malicious code.

The Google Toolbar plug-in mechanism vulnerability is the cause of this situation. This mechanism often ignores uncontrolled source of buttons. Hackers have taken advantage of this to forge the source of a button that makes users accept installing maliciously implanted buttons and still think it is a button from a legitimate website.

Expert Raff recommends that this mechanism could be exploited to steal data or implant malicious code into a user's PC.

' This error could allow hackers to create evidence to convince users that they are installing a button from a trusted website. But actually that button is the tool that helps hackers download malicious code or fraudulent users '.

The eWEEK magazine has tested and confirmed the version of Google Toolbar 5 Beta for Internet Explorer also has the error. Meanwhile, expert Raff said that Google Toolbar 4 versions for both Internet Explorer and Firefox could be exploited to attack users.

Google confirmed that it is urgently trying to fix the error. Now Raff also released a exploit code to confirm the possibility of exploiting errors to attack users.

But the security community does not appreciate the error Google Toolbar mentioned above because to successfully attack requires a lot of interaction from the user.

First, hackers must trick users into clicking on a web link that allows a pop-up window to ask whether or not a user will accept the installation of a button on the Google Toolbar. This window is spoofed by hackers just like windows appear from legitimate websites.

Even if the user accepts installation of the button, hackers still cannot attack them. Hackers have to wait until users click on that button, accept the download and run an executable file to be able to attack. The downloaded file is usually a malicious software.

Hoang Dung