Malware writers bank on Google Wave interest

Google Wave allows users to share text and media files in a single online space

Malware writers are already exploiting public interest in Google Wave, according to security researchers.

Symantec explained in a recent report that a new wave of Trojans had been crafted to take advantage of heightened interest in the new invitation-only collaboration service that allows users to share text and media files in a single online space.

Researchers uncovered Trojan applications connected to the Xrumer spam tool which masquerade as a way to automatically generate invitations for Google Wave.

The attack begins as a message spammed through online forums, email or Twitter feeds. The message advertises the bogus invitation tool, and suggests that users could make money by selling the invitations online.

When the file is downloaded, however, a Trojan is installed which creates a backdoor file on the victim's machine, potentially allowing the attacker to access and control the infected system.

Malware writers and cyber criminals have begun paying close attention to high-profile news items and popular search terms in recent years to lure users to malicious sites and Trojan downloads.

Symantec security analyst Patrick Fitzgerald noted that the attack not only plays on the popularity of the Wave service, but uses the trust associated with Google's name to persuade users that the download is legitimate.

"Cyber criminals have used Google Wave as bait precisely because of its current popularity," he said. "Unfortunately, this technique is something fraudsters use all the time, and internet users should be wary. If something appears too good to be true, then it usually is."