IT Jobs
Firefox hit by malware
Password collecting software targets bank sites.
By Jeremy Kirk, IDG news service
Published: 15:27 GMT, 05 December 08
Firefox users have been targeted by a new type of malicious software. The malware, which has been identified by security researchers at BitDefender, collects passwords for banking sites and has been dubbed "Trojan.PWS.ChromeInject.A"
The malware, which sits in Firefox's add-ons folder, said Viorel Canja, the head of BitDefender's lab, runs when Firefox is started and uses JavaScript to identify more than 100 financial and money transfer websites, including Barclays, Wachovia, Bank of America, and PayPal along with two dozen or so Italian and Spanish banks. When it recognizes a website, it will collect logins and passwords, forwarding that information to a server in Russia.
Firefox has been continually gaining market share against main competitor Internet Explorer since its debut four years ago, which may be one reason why malware authors are looking for new avenues to infect computers, Canja said.
Users could be infected with the Trojan either from a drive-by download, which can infect a PC by exploiting a vulnerability in a browser, or by being duped into downloading it, Canja said.
When it runs on a PC, it registers itself in Firefox's system files as "Greasemonkey," a well-known collection of scripts that add extra functionality to web pages rendered by Firefox.
BitDefender has updated its products to detect it, and other vendors will likely follow suit quickly, Canja said. Users could avoid it by only downloading signed, verified software, but that's a measure that restricts the usability of a PC, he said.
The malware is not present in Mozilla's repository of add-ons, Canja said. Mozilla had taken steps to ensure that its official site hosting add-ons - also called extensions - are free from malware.
In May, Mozilla acknowledged that the Vietnamese language pack for Firefox contained a bit of unwanted code. Although widely reported as a virus, the language actually contained a line of HTML code that would cause users to view unwanted advertisements.
Mozilla now scans new add-ons for malware. However, those scans will only detect known threats, and there was no signature in the security software Mozilla was using at the time that could detect the code.
Mozilla said the code probably ended up in the language pack after the PC of its developer became infected. More than 16,000 people downloaded the language pack, but only about 1,000 people regularly use it.
After the incident, Mozilla said it would scan add-ons in its repository when anti-virus signatures were updated.
.gif)
Add your commentComments
Solution from Search-and-destroy. | Published: 08:15 GMT, 15 December 2008
If you own a computer, you must have antispyware to keep it running at its best. The problem is choosing a scan that works. I have tried many different types of scans in the past and then I ran across Search-and-destroy Antispyware. I have to say that the antispyware solution from Search-and-destroy is the best that I have used to date. It gets the job done and keeps my computer working like new. If you are interested in seeing for yourself just how good this antispyware works you can click on http://www.Search-and-destroy.com/antispyware.html to learn more. I’m sure it would be worth your time to check it out.
The Open Sourcerer | Published: 13:07 GMT, 06 December 2008
You should also mention that these attacks are only effective on the Windows platform. Firefox on Linux or Mac is fine...