Spyware disguises itself as Firefox extension


Post by J-M » Thu 27 Jul, 2006 10:22 am

This is a really interesting and dangerous threat. From the Heise Security article:

http://www.heise-security.co.uk/news/76019

The antivirus specialists at McAfee have warned of a Trojan that disguises itself as a Firefox extension.

And later:

Trojan then installs itself as a Firefox extension, presenting itself as a legitimate existing extension called numberedlinks. It then begins intercepting passwords and credit card numbers entered into the browser, which it then sends to an external server.

Information about the numberedlinks project is available at http://numberedlinks.mozdev.org/

A technical description of this malware, named FormSpy, is located here:
http://vil.nai.com/vil/content/v_140256.htm

I wrote about this on my blog on Wednesday ( http://networksecurity.typepad.com/netw ... koile.html ), but information in English must be spread now.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fi; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4

Post by Antony » Thu 27 Jul, 2006 10:48 am

Thanks for the information, J-M.

If the Trojan is able to fake its identity as (legitimate) numberedlinks, it's possible for it to pretend to be any (other) Firefox extension.

Users should be careful where they install extensions from.
UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.0.5) Gecko/20060723 Firefox/1.5.0.5
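
An added example, not part of the thread and not Mozilla code: one way to check a profile for an extension that borrows a legitimate extension's name, as discussed above. It assumes the present-day Firefox profile file extensions.json (which postdates this thread) and its `id`, `defaultLocale.name`, `signedState`, `foreignInstall` and `location` fields; the sample data, add-on IDs and the allowlist are constructed for illustration.

```python
import json

# Constructed sample in the shape of a Firefox profile's extensions.json
# (assumption: present-day format; all IDs and URLs below are made up).
SAMPLE = json.loads("""
{"addons": [
  {"id": "numberedlinks@example.invalid", "type": "extension",
   "defaultLocale": {"name": "numberedlinks"}, "signedState": 2,
   "foreignInstall": false, "location": "app-profile",
   "sourceURI": "https://addons.mozilla.org/firefox/downloads/file/0/x.xpi"},
  {"id": "{00000000-0000-0000-0000-000000000001}", "type": "extension",
   "defaultLocale": {"name": "NumberedLinks"}, "signedState": 0,
   "foreignInstall": true, "location": "app-profile", "sourceURI": null},
  {"id": "default-theme@mozilla.org", "type": "theme",
   "defaultLocale": {"name": "System theme"}, "signedState": 3,
   "foreignInstall": false, "location": "app-builtin", "sourceURI": null}
]}
""")

# Hypothetical defender-maintained allowlist: lowercased name -> expected ID.
EXPECTED_IDS = {"numberedlinks": "numberedlinks@example.invalid"}


def audit_extensions(data, expected_ids):
    """Return {addon_id: [reasons]} for extensions that deserve a closer look."""
    findings = {}
    for addon in data.get("addons", []):
        if addon.get("type") != "extension":
            continue  # themes, dictionaries etc. are out of scope here
        if addon.get("location") in ("app-builtin", "app-system-defaults"):
            continue  # shipped with the browser itself
        reasons = []
        name = ((addon.get("defaultLocale") or {}).get("name") or "").strip().lower()
        expected = expected_ids.get(name)
        if expected is not None and addon.get("id") != expected:
            reasons.append("name matches a known extension but ID differs")
        if addon.get("foreignInstall"):
            reasons.append("installed outside the browser UI (sideloaded)")
        if (addon.get("signedState") or 0) < 1:
            reasons.append("missing or invalid signature")
        if reasons:
            findings[addon.get("id", "<no id>")] = reasons
    return findings


if __name__ == "__main__":
    for addon_id, reasons in audit_extensions(SAMPLE, EXPECTED_IDS).items():
        print(addon_id, "->", "; ".join(reasons))
```
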

Post by Fulvio » Thu 27 Jul, 2006 11:10 am

This is not a legitimate attempt to install extensions which are listed. The article said that it is spam mail from an alleged Walmart site. Why one would want to open an unrequested attachment is beyond me. However, I felt that it was a matter of time before anyone used such means. I would say, go easy on extensions, if any. Use K-Ninja or K-Meleon, which don't allow extensions, AFAIK.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.13) Gecko/20060706 K-Ninja/1.1 (Samurai)
A minority may be right, and a majority is always wrong
~ Henrik Ibsen
WinXP, SP3, 512 MB, SM2.9.1, FF12, TB12.0.1, IE8.0, Google Chrome18, Ghostwall , Avast 7.x, JRE1.7_04. Testing FF13b4

Post by Antony » Fri 28 Jul, 2006 1:00 am

MozillaZine has an article on this now, Anti-Virus Firms Warn of Trojan Horse Mozilla Firefox Extension (MozillaZine, July 27th, 2006)
UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.0.5) Gecko/20060723 Firefox/1.5.0.5

Post by J-M » Fri 28 Jul, 2006 4:33 pm

Thanks for the article link. I posted the information to the SD701 forum first and then submitted a tip to MozillaZine. :D :D
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fi; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4