6 replies to this topic

[laserjet]

ALERT!!!! **** Warning Malware with a very different point of attack.**** ALERT!!!!




Mozilla Security Blog
About Mozilla Security

Malicious Firefox Plugin ( Password Stealing Application )

12.08.08 - 11:07am

Issue

A malicious piece of software masquerading as a legitimate and popular Firefox plugin is spreading. Trojan.PWS.ChromeInject.A collects a user’s passwords from banking and other sites and forwards them to a remote server.

Impact

If a user has been tricked into installing this plug-in, or had it installed through a separate vulnerability it may compromise passwords and the user’s accounts. This trojan is not Greasemonkey, even though it uses some of Greasemonkey’s internal IDs.

Status

To check whether your computer is infected, look for “Basic Example Plugin for Mozilla” in the Plugin list by choosing Add-ons from the Tools menu in Firefox. Then choose Plugins. If you see this plugin, disable it.

Johnathan Nightingale blogged about it here: http://blog.johnath....irefox-malware/

Credit

This issue was identified in the wild by BitDefender. Their analysis is here: http://news.bitdefen...pplication.html

Category: Firefox, Security |

[exile360]

Wow, scary stuff. This should probably be posted in the Security Alerts section, I think it would probably get more notice there.

[sho-dan]

Has been noted in Newest Rogue Threats forum: Dec 5 2008

Trojan.PWS.ChromeInject.A - Named by BitDefender, Trojan targets Firefox users

http://www.malwarebytes.org/forums/index.php?showtopic=8108&st=0#entry38348

[Tech0utsider]

Just what passwords does it steal?

[Tech0utsider]

And why are we all using Firefox?

Security by Obscurity!

Seems like every Firefox fanboy is proud that it is occupying ~25% of the browser market and rapidly increasing; however the irony is that with more popularity, Firefox becomes a bigger target!

Does that mean we should switch to a niche browser?

[exile360]

I dunno, but your point about obscurity is certainly valid. I use IE7 myself, but hardly in it's default configuration as you can tell by my signature. I haven't had a single infection since I went to Vista, but that's only partially due to Vista itself. I surf cautiously, don't use myspace, facebook, limewire or IM programs, don't open emails from peeps I don't know and don't open forwarded emails from peeps I do know (and most of them know better than to send them to me by now). But I don't trust in any one program/technology or practice to keep me safe, it's a combination that I must maintain, and of course I don't use Java either (no Vundo/Virtumonde for me, thank you). My method is paranoid, but it works and with the right mix of security software, it's light on resources too.

[laserjet]

This is a quote from the Johnathan Blog the Link to it was provided in initial post, Does This Mean that Firefox is Insecure?

No, and here’s why:

"This particular malware targets our program, but once you have malicious software running on your system, it can just as easily attack other programs, or harm your computer in other ways. '
'This isn’t contracted by just browsing around the web with Firefox 3. In fact, the Malware Protection features in Firefox 3 are designed specifically to prevent sites from being able to attack your computer. "

"The people getting infected here are either downloading enticing files that have the malware hiding inside (which is why Firefox 3 hands off all downloads to your computer’s virus scanner once downloaded) or, as some sites are reporting, people who have already been infected in the past having their computers forced to download this file as well. '

"Typical Firefox 3 users who avoid downloading software they don’t trust are unlikely to ever see this, and even the sites reporting it describe its incidence as “rare”.