Security researcher Robert Hansen, aka RSnake, has published details of a new attack on Google Desktop. Basically, Hansen found a man-in-the-middle attack, this time placing an attacker between Google and someone launching a desktop search query. From this position, the attacker is able to manipulate the search results and possibly take control of other programs on the desktop.

The attack scenario plays out like this: a user of Google Desktop makes a search query that is intercepted by an attacker. The attacker then injects Javascript that creates an invisible IFrame on the target URL page as well as makes the IFrame follow the user’s mouse; the user is unaware. The attacker then injects more code to position a second query inside the user mouse IFrame. As the second query executes, the attacker then forces a meta-refresh to reload the page, and that forces Google Desktop to load as well as any program indexed by Google Desktop the attacker may desire. When user clicks the evil Google Desktop query, the malicious program executes.