RTZ Posted December 9, 2008 Share Posted December 9, 2008 ALERT!!!! **** Warning Malware with a very different point of attack.**** ALERT!!!! Mozilla Security Blog About Mozilla Security Malicious Firefox Plugin ( Password Stealing Application ) 12.08.08 - 11:07am Issue A malicious piece of software masquerading as a legitimate and popular Firefox plugin is spreading. Trojan.PWS.ChromeInject.A collects a user’s passwords from banking and other sites and forwards them to a remote server. Impact If a user has been tricked into installing this plug-in, or had it installed through a separate vulnerability it may compromise passwords and the user’s accounts. This trojan is not Greasemonkey, even though it uses some of Greasemonkey’s internal IDs. Status To check whether your computer is infected, look for “Basic Example Plugin for Mozilla” in the Plugin list by choosing Add-ons from the Tools menu in Firefox. Then choose Plugins. If you see this plugin, disable it. Johnathan Nightingale blogged about it here: http://blog.johnath.com/2008/12/08/firefox-malware/ Credit This issue was identified in the wild by BitDefender. Their analysis is here: http://news.bitdefender.com/NW900-en--BitD...pplication.html Category: Firefox, Security | Quote Link to comment Share on other sites More sharing options...
greenknight Posted December 9, 2008 Share Posted December 9, 2008 Understand - this is not a Firefox add-on, installed by the user. This comes hidden in some other download, you're not safe just because you haven't installed any Firefox add-ons lately. If you got tricked into downloading any insecure file, or already had a trojan that downloads other malware, this could have been installed on your computer (if you have Firefox). Quote Link to comment Share on other sites More sharing options...
RTZ Posted December 9, 2008 Author Share Posted December 9, 2008 Exactly, Quote from Johnathan Nightingale's Blog, "The people getting infected here are either downloading enticing files that have the malware hiding inside (which is why Firefox 3 hands off all downloads to your computer’s virus scanner once downloaded) or, as some sites are reporting, people who have already been infected in the past having their computers forced to download this file as well." "Typical Firefox 3 users who avoid downloading software they don’t trust are unlikely to ever see this, and even the sites reporting it describe its incidence as “rare”." Quote Link to comment Share on other sites More sharing options...
Eldmannen Posted December 9, 2008 Share Posted December 9, 2008 Only addons.mozilla.org and update.mozilla.org are allowed to install extensions by default. Quote Link to comment Share on other sites More sharing options...
greenknight Posted December 10, 2008 Share Posted December 10, 2008 Only addons.mozilla.org and update.mozilla.org are allowed to install extensions by default. Apparently this Trojan gets around that. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.