Firefox users targeted by rare piece of malware

Started by Frands, December 04, 2008, 08:56:35 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Frands

QuoteResearchers at BitDefender have discovered a new type of malicious software that collects passwords for banking sites but targets only Firefox users. The malware, which BitDefender dubbed "Trojan.PWS.ChromeInject.A" sits in Firefox's add-ons folder, said Viorel Canja, the head of BitDefender's lab. The malware runs when Firefox is started.

Please read full article here: http://www.infoworld.com/article/08/12/04/Firefox_users_targeted_by_rare_piece_of_malware_1.html

About Trojan.PWS.ChromeInject.A : http://www.bitdefender.co.uk/NW900-uk--BitDefender-detects-novel-approach-to-stealing-web-passwords.html
Our greatest glory is not in never falling but in rising every time we fall.
- Confucius
-----
Trend Micro Internet Security


Home Forums:
https://www.landzdown.com/
http://securitygarden.blogspot.dk/
https://www.classicrockforums.com/

Corrine

Thanks for the heads up. 

Recommendations: 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

pastywhitegurl


pastywhitegurl

according to CNET:

http://news.cnet.com/Trojan-piggybacks-on-Firefox/2100-7349_3-6098615.html

QuoteA new Trojan horse making the rounds has been installing itself as a Firefox extension, according to security company McAfee.

The FormSpy Trojan attacks computers that have already been infected with the Downloader-AXM Trojan, according to a security advisory McAfee issued Tuesday. Once FormSpy is executed, it installs itself as a component of the Firefox Web browser.

The FormSpy spyware then gleans sensitive information, such as credit card and bank account numbers, from the user's browser and forwards it to a malicious Web site. But this Trojan is capable of other tricks, as well, McAfee noted.

According to one source, the virus is being circulated in a email attachment that can appear as billing info from Wal-mart, and also is marketed as the Numberlinks 0.9 extension for Firefox, taking its name from a legitimate add-on designed to make it easier for Firefox users browse the Web without a mouse.

Corrine

(Topics Merged.)

This is indeed one nasty malicious script.  Because it can be a drive-by download (downloaded without any interaction by the user), until the vulnerability has been addressed, consider using Internet Explorer for all online credit card purchases and banking activities.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

pastywhitegurl

How can we know when it's addressed? Will something be posted about it here on Lzd?

Corrine

Because the infected "add-on" is neither supported nor provided by Mozilla, but rather is targeting Mozilla, it will be left to the antivirus vendors to ensure that this password stealing trojan is being detected by them. 

See the following blog posts for additional information:

http://blog.mozilla.com/security/2008/12/08/malicious-firefox-plugin/
http://blog.johnath.com/2008/12/08/firefox-malware/


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.