Websense has found malicious code hosted in Google Pages, free hosting service from Google. The trojan is designed to steal online banking information.
The file is packed with ASPack and is a banking Trojan Horse which is designed to steal banking credentials upon visiting pre-defined financial institutions sites.
Unlike initial reports, Google Pages was not hacked. What happened was that some users deliberately uploaded the trojan to http://www.googlepages.com, probably preparing for an attack by using emails or IM to get people download and run the trojan. Google has since removed malicious pages when notified, and are working on a more permanent solution
Last week Orkut, was hit with a worm. The worm, dubbed by FaceTime as “MW.Orc”, works its way onto users’ personal computers when they click on infected links on Orkut scrapbook pages. It also sought to steal online banking information from computer users. The threat follows an earlier worm targetting Orkut, Banker-BWD, which was uncovered by Sophos, an anti-virus company.
On the web
ZDNet – Google pages hosting malicious code, Microsoft gets defaced
CNET – Trojan targets Google hosting service
Reuters – Google’s Orkut hit by personal data stealing worm