PDA

View Full Version : FireFox Security News



MOP
12-25-2008, 11:20 PM
Firefox Users Targeted by Rare Piece of Malware (PC World)
Posted on Thu Dec 4, 2008 6:51PM EST

Researchers at BitDefender have discovered a new type of malicious software that collects passwords for banking sites but targets only Firefox users.

The malware, which BitDefender dubbed "Trojan.PWS.ChromeInject.A" sits in Firefox's add-ons folder, said Viorel Canja, the head of BitDefender's lab. The malware runs when Firefox is started.

The malware uses JavaScript to identify more than 100 financial and money transfer Web sites, including Barclays, Wachovia, Bank of America, and PayPal along with two dozen or so Italian and Spanish banks. When it recognizes a Web site, it will collect logins and passwords, forwarding that information to a server in Russia.

Firefox has been continually gaining market share against main competitor Internet Explorer since its debut four years ago, which may be one reason why malware authors are looking for new avenues to infect computers, Canja said.

Users could be infected with the Trojan either from a drive-by download, which can infect a PC by exploiting a vulnerability in a browser, or by being duped into downloading it, Canja said.

When it runs on a PC, it registers itself in Firefox's system files as "Greasemonkey," a well-known collection of scripts that add extra functionality to Web pages rendered by Firefox.

BitDefender has updated its products to detect it, and other vendors will likely follow suit quickly, Canja said. Users could avoid it by only downloading signed, verified software, but that's a measure that restricts the usability of a PC, he said.

Source LINK. (http://tech.yahoo.com/news/pcworld/20081204/tc_pcworld/firefoxuserstargetedbyrarepieceofmalware)

McGary911
12-26-2008, 08:12 AM
Thanks Phil. Seems to be the real deal.

http://blog.mozilla.com/security/2008/12/08/malicious-firefox-plugin/

I'm not infected (usually pretty careful), but worth everyone's while to do a quick check. Instructions on the check are in the above link.