Experts claim that Google Gadgets can be misused

Security researcher Robert Hansen has claimed that phishers can misuse the Google Gadget service provided by the search engine giant.

He said that the domain used to host these gadgets can be used to get around antiphishing filters.

Hackers can create a phishing site which can be hosted on this domain (gmodules.com) and it could be used in phishing mails.

This would mean that the user would get a weblink hosted on Google servers which would of course be cleared by any kind of anti-phishing service.

Hansen said that he reported his findings to the Google developers but was not satisfied with the response.

Alex Stamos, a researcher with Isec Partners had this to say on this report: “They have to have this throw-away domain to jail modules written by other people. It’s not an unreasonable model, and it’s the best they can do to host content created by malicious parties while not exposing themselves to attack.”