Well, it was just a matter of time, but there are finally some reports of a fake Google Toolbar executable that hides a trojan horse. Great! Well, I always knew it would happen, and I’ve been warning people for ages, “If you put executables on your webpage, it’s just a matter of time before the phishers do the same thing.” Thankfully the barrier to entry in building executables is still fairly high, making this a fairly small attack vector, but used in combination with hacking a big DNS it could be huge. Think about what a fake Microsoft Windows Update could do in terms of numbers!
This probably falls into the Pharming category rather than Phishing, as it doesn’t actually intend to directly compromise you by asking you for information, but it does try to get you to download something based on a brand that you are supposed to trust. To my knowledge this is the first time this has ever happened. Getting someone to install this toolbar could lead to information loss, and also to more phishing, because the anti-phishing built into the Google Toolbar will obviously be turned off. Pretty nasty. Executables are pretty nasty.
I’m still waiting for a day when there will be a single signing authority for executables so you can know what is real and what isn’t. Google Toolbars should be signed by a central authority, and your machine shouldn’t even let you download one unless you know where it comes from and can verify that. That might be a pipe dream, and it would kill a lot of the little guys, but if your machine at least warned you that the executable wasn’t signed, that might give people a clue that it wasn’t Google. Either that or they’d just click through. This is frustrating, because there isn’t really a good answer, other than better detection of fraudulent websites claiming to be big brands.