Koobface Infiltrates Google Reader

Security experts at TrendMicro have discovered at least 1,300 public Google Reader pages infected with a new Koobface type of attack. Hackers have employed Google Reader accounts to host links redirecting users to a Koobface infected page.

Attackers employed Google Reader's possibility to share links and messages between users to host an image resembling a Flash video. Whenever the user tried to view the video, they were redirected to a cloned YouTube page containing a video. As in previous attacks, the user was soon prompted with an alert that invited them to upgrade their Flash player. Hidden was the fact that instead of the updated software, the user was downloading the doomed Koobface downloader component that would that take over the victim's computer.

Google was soon to react to these findings, taking all the necessary steps into blocking the infected URLs. Unlike previous attacks that used MySpace, Facebook and Twitter, this one seems not to have made the same type of impact, maybe thanks to Google's quick reaction and the fact that its users are a slight more Web-educated than all the social network users in the past.

The Mountain View-based company has recently found itself in the sights of many black hat attacks because of its bigger and bigger array of services that seems to provide more and more useful tools for hackers.

Previous incidents involved the Google App Engine and Google Groups service used as a botnet control and command center, the Google Apps service used as an illegal file sharing tracker, Picasa's email spam or attacks under the form of malware hosted inside video codec projects on Google Code.

The attacks come after Google introduced many services for safe Internet browsing, including the infamous blacklisting service Google Safe Browsing. This form of Koobface is still dangerous because its creators are now relying on Google's own reputation of a safe heaven for online users and attacking completely unsuspecting victims.