Posted by Virus Bulletin on Sep 18, 2006
Fake Gmail site served by Google itself.
Web search and service behemoth Google has had its security credibility hit this weekend, after a site was set up on its servers spoofing its own GoogleMail service, and demonstrating how the system could be used to gather personal details.
The site was set up via the Google Public Service Search system, designed for public bodies and educational institutions, and provided an official-looking interface described as 'Gmail plus'. When users entered GoogleMail login details, they were displayed on the screen with a message making it clear they had been tricked into revealing them.
The page (here) was reported to Google by the creator soon after it was set up, and has now been removed; visiting it now displays a page warning that visiting it resembles the actions of a malware-infected computer.
Posted on 18 September 2006 by Virus Bulletin
