Announcement

Collapse
No announcement yet.

Trojan that disguises itself as a Firefox extension

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Trojan that disguises itself as a Firefox extension

    Portal zum Thema IT-Sicherheit – Praxis-Tipps, Know-How und Hintergrundinformationen zu Schwachstellen, Tools, Anti-Virus, Software, Firewalls, E-Mail


    The antivirus specialists at McAfee have warned of a Trojan that disguises itself as a Firefox extension. It is currently being openly disseminated through spam emails that purport to come from Wal-Mart. If the recipient opens the mail attachment while running a Windows operating system, the Trojan then installs itself as a Firefox extension, presenting itself as a legitimate existing extension called numberedlinks. It then begins intercepting passwords and credit card numbers entered into the browser, which it then sends to an external server. McAfee has dubbed the Trojan "FormSpy," although the company is still currently categorizing its distribution as low.
    ...
    Sheesh, what next?
    Chuck
    秋音的爸爸

  • #2
    Not on my list.
    Dr. Mordrid
    ----------------------------
    An elephant is a mouse built to government specifications.

    I carry a gun because I can't throw a rock 1,250 fps

    Comment


    • #3
      I don't really understand what use the real numberedlinks extention would have.
      But I don't guess there's any reason to think they couldn't easily name it after some more popular extention.
      Adblock update offered by email anyone?


      PS I know, I know. You and I wouldn't fall for it. But a lot might.
      Chuck
      秋音的爸爸

      Comment


      • #4
        As pointed out on Slashdot comments this technically is still a Windows virus because it's a VBS vulnerability that attaches itself to Firefox (that's how it bypasses the install this extension screen).

        Firefox rejects extensions installed from unverified sources, so unless people manually add a server hosting the bad extension and then click "install it", it won't affect most Firefox users.
        Gigabyte GA-K8N Ultra 9, Opteron 170 Denmark 2x2Ghz, 2 GB Corsair XMS, Gigabyte 6600, Gentoo Linux
        Motion Computing M1400 -- Tablet PC, Ubuntu Linux

        "if I said you had a beautiful body would you take your pants off and dance around a bit?" --Zapp Brannigan

        Comment


        • #5
          I've read somewhere that it installs itself via an IE exploit, can't find the link atm.
          Main: Dual Xeon LV2.4Ghz@3.1Ghz | 3X21" | NVidia 6800 | 2Gb DDR | SCSI
          Second: Dual PIII 1GHz | 21" Monitor | G200MMS + Quadro 2 Pro | 512MB ECC SDRAM | SCSI
          Third: Apple G4 450Mhz | 21" Monitor | Radeon 8500 | 1,5Gb SDRAM | SCSI

          Comment

          Working...
          X