Saturday, December 20, 2008

New trojan targets Firefox, masquerades as Greasemonkey

By Joel Hruska

Firefox's broad support for plug-ins and extensions has always been a major feature of the browser, particularly back in the days of IE6. The browser's enduring popularity has finally caught the eye of malware authors, as a trojan is now targeting Firefox specifically.

BitDefender has identified this new bit of holiday cheer as "Trojan.PWS.ChromeInject.A" (the ChromeInject suffix refers to the Chrome component of Firefox). The trojan installs itself into Firefox's add-on directory, registers itself as Greasemonkey, and begins searching your hard drive for passwords, login details, your World of WarCraft account information, and your library card number.

Please note, this trojan is not actually the Greasemonkey add-on, and only identifies itself as such. Mozilla has confirmed that the official Greasemonkey release contained within Mozilla's own extension repository (and available here) is malware-free. If you're currently using Greasemonkey or are interested in doing so, there's no reason to avoid the legitimate add-on at this time, so long as you download it from Mozilla's page or an equally trusted source.

Once installed, the trojan is capable of identifying over 100 web sites. When an infected user visits a site the trojan recognizes, the parasite comes to life and records the login/password details being transmitted. Presumably it then goes back to sleep, quietly keeping an eye on further system activity.

It's not clear if the trojan is visible as an installed add-on from within the browser, or how it interacts with the real Webmonkey, if that extension is installed. The attack vector is also vague. At the moment, BitDefender believes users are catching the trojan through one of the normal approaches—opening attachments, allowing ActiveX or JavaScript to execute in an unsafe way, or downloading malware-ridden "codecs" in order to catch a sneak preview of 2 Girls 1 Cup 2 Fast 2 Furious. BitDefender has already updated its own AV suite to detect and remove the new trojan; other malware vendors will undoubtedly do the same within the next few days.

Source: arstechnica.com

