Trojan targets Google hosting service

By Dawn Kawamoto
Staff Writer, CNET News.com

Published: June 19, 2006, 9:34 AM PDT

Last modified: June 19, 2006, 10:46 AM PDT

update A Trojan horse has been discovered in Google Pages, a Web site hosting service offered by the search giant.

An attacker apparently uploaded a malicious file to a Googlepages.com server, part of a service that allows people to create their own Web pages, said Dan Hubbard, the senior director of security research at Websense Security Labs. The Trojan could lie dormant on a user's system until the individual logs on to a banking Web site and then attempt to steal his or her personal information by capturing their keystrokes, according to a security alert released Friday by Websense.

Although the security monitoring company has detected the presence of the Trojan horse on Google Pages, it has not yet received any reports of bogus e-mails or instant messages that attempt to lure users to click on malicious links or download dangerous files.

"This is not a high-level, zero-day type of threat," Hubbard said. "But when you have this big of (an Internet site) name involved, security researchers tend to look at it."

Google said it is moving as quickly as possible to deal with the problem.

"Google Page Creator enables users to upload and serve files on their Web site. We understand some users are hosting and serving malicious files, and we are removing these Web pages when notified," a Google spokeswoman said in an e-mail. "We are working on a more permanent solution to guard against these malicious efforts. However, we encourage users to continue to notify us when they encounter sites that host or serve malicious files."

Last week, Google's social-networking site, Orkut, was hit with a new worm. That worm, MW.Orc, also sought to steal online banking information from computer users.