werty316
07-27-2006, 10:24 PM
Whatever happened to Firefox being immune to spyware? :lol: I guess only knowledgeable users are smart enough not to install an .exe file from an email attachement.
Trojan installs fake Firefox extension and reports collected data back to its servers
According to Heise Security, computer security software company McAfee has issued a warning that a new Trojan, which disguises itself as a legitimate Firefox extension, is on the loose. The Trojan disguises itself as a legitimate extension called “numberedlinks” that adds numbers to links on web pages. The fake extension then intercepts passwords and credit card information entered in to the browser and sends it to an external server.
McAfee has labeled the Trojan “FormSpy” and considers its ability to widely distribute itself relatively low at this point. The payload is delivered via email as an exe called the AXM Downloader. Once a user opens the attachment, the software then connects to the internet and downloads the extension. It then injects itself directly into the Firefox configuration data completely bypassing the user confirmation dialog box that normally appears when a user installs an extension.
Firefox does have the built in ability to allow extension authors to digitally sign their extensions to help prove the extensions authenticity, however, the feature is underutilized by extension developers. We should also mention that the real numberedlinks extension available from mozdev.org is not associated with the spyware using its name and is completely safe to use. Users can also check what extensions they have installed by going to Tools > Extensions.
Article Source: http://www.dailytech.com/article.aspx?newsid=3534
Trojan installs fake Firefox extension and reports collected data back to its servers
According to Heise Security, computer security software company McAfee has issued a warning that a new Trojan, which disguises itself as a legitimate Firefox extension, is on the loose. The Trojan disguises itself as a legitimate extension called “numberedlinks” that adds numbers to links on web pages. The fake extension then intercepts passwords and credit card information entered in to the browser and sends it to an external server.
McAfee has labeled the Trojan “FormSpy” and considers its ability to widely distribute itself relatively low at this point. The payload is delivered via email as an exe called the AXM Downloader. Once a user opens the attachment, the software then connects to the internet and downloads the extension. It then injects itself directly into the Firefox configuration data completely bypassing the user confirmation dialog box that normally appears when a user installs an extension.
Firefox does have the built in ability to allow extension authors to digitally sign their extensions to help prove the extensions authenticity, however, the feature is underutilized by extension developers. We should also mention that the real numberedlinks extension available from mozdev.org is not associated with the spyware using its name and is completely safe to use. Users can also check what extensions they have installed by going to Tools > Extensions.
Article Source: http://www.dailytech.com/article.aspx?newsid=3534