Google Wave used in malware scams
Google Wave, the online communication and collaboration tool, has become a target for scammers.
Symantec Security Response has detected a campaign luring people who want to get into the Google Wave community by promising not only an application that generates Google Wave invites, but also untold riches by selling these invites to other people who want to ride the Google Wave. In reality, this promised application does not work but is actually a piece of malware.
The scammers post messages on forums enticing people to download the “Google Wave Invite Invitation Generator”. Twitter microblogs have also been used.
“In this case, Google Wave was only selected as the bait because of its current popularity,” A Symantec blog posting says. “Using a trusted brand like this also increases the chance of success for the attacker. This technique is something cybercriminals use all the time and users should not let their guard down – if something appears too good to be true, then it usually is.”
Symantec offers this advice:
• Be careful what you click on. Exercise caution when clicking on links from unknown senders.
• Only download applications from reputable sources. In this case, Google Wave’s official website has a page for users to request invites.
• Deploy protection: Arm yourself with strong and updated security software to catch and prevent malware from downloading.
Examples of the scammers’ messages can be seen at www.symantec.com/connect/blogs/xrumer-spammer-s-toolkit