Hackers outfox Mozilla

The place for what's new and going on in the tech, innovation, and science world.
Post Reply
User avatar
Egaladeist
I am the Eg man : Coo Coo Ca Choo
Posts: 18908
Joined: Sun Dec 25, 2005 1:02 am
Location: Canada

Hackers outfox Mozilla

Post: # 30404Post Egaladeist
Fri Aug 04, 2006 4:36 am

Malware has been found that can hijack Mozilla's Firefox Web browser and monitor submit-and-click events.

The trojan, called Infostealer.Snifula, or FormSpy, manifests as a Firefox extension after users execute the malicious email attachment dubbed Downloader-AXM.

Once downloaded from servers via Downloader-AXM, Formspy changes to the NumberedLinks 0.9 Firefox extension which allows users to browse using numbers rather than a mouse. Formspy then captures contents of form submission events including passwords and forwards them to its main process where it is sent to the remote attacker.

Mozilla Corporation technology strategist Mike Shaver said the use of e-mail as a medium exemplifies the need for user discretion in opening attachments.

"The recent Formspy Trojan, delivered via an executable file in a deceptive e-mail message, points again to the risk of installing or running software from an unknown source," Shaver said. "This malware manifests itself as a Firefox extension only after the user has already been compromised; it had its run of the system, leaving Firefox virtually in the same situation as if the entire operating system had turned against it."

Symantec security response engineer, Candid Wuest said the trojans, which commonly attack Internet Explorer's browser helper objects (BHOs), began attacking Mozilla browsers in March this year with the Javascript-based JS.Ffsniff by using the XPConnect Java interface that allows transparent access to cross-platform component object models (XPCOMs) that developers use to create extensions for the Firefox browser.

"When an infected user submits a form on a Web site, [JS.Ffsniff] will parse the site and steal all information that is submitted by the Web form, including passwords," Wuest said. "The JS.Ffsniff script then sends this information to a predefined e-mail address using XPCOM objects."

http://www.computerworld.com.au/index.p ... 1968336438
Computerworld | Hackers outfox Mozilla



User avatar
xierox
Hoopy Frood
Posts: 314
Joined: Sat Dec 31, 2005 2:08 am

Post: # 30430Post xierox
Fri Aug 04, 2006 9:21 am

Good thing I run Firefox.

Wait.

Dang it.

</slashdot>

;)

- Xierox
Image
Sometimes the light's all shining on me, other times I can barely see. Lately it occurs to me what a long strange trip it's been.

AcidTone

Post: # 30443Post AcidTone
Fri Aug 04, 2006 9:57 am

bah old news that is.. Posted about that on AO, it seems no one really noticed it, or maybe it's the fact that it's a Ghost town as of late.. :roll:

User avatar
J_K9
THE Prancing Pirate
Posts: 8123
Joined: Fri Feb 24, 2006 10:47 pm
Contact:

Post: # 30446Post J_K9
Fri Aug 04, 2006 10:06 am

Acid has a point - this news is a few days old. And if there are any users who still fall for the "delivered via an executable file in a deceptive e-mail message" trick, then God help them :roll:
xierox wrote:Good thing I run Firefox.

Wait.

Dang it.

</slashdot>
Hehe.. ;)
"Don't gain the world and lose your soul, wisdom is better than silver or gold." - Bob Marley

[CS:Source Admin]

User avatar
Maverick
Top Gun
Posts: 6629
Joined: Mon Feb 13, 2006 12:55 am
Are you a Spammer: No

Post: # 30513Post Maverick
Fri Aug 04, 2006 1:42 pm

J_K9 wrote:And if there are any users who still fall for the "delivered via an executable file in a deceptive e-mail message" trick, then God help them :roll:

I agree - but you'd be surprised at how much it is still happening... I mean, after all, if it didn't work the malware writers would be looking for other methods of infection - but, "if it ain't broke, don't fix it" right?

Damn (l)users...
- Maverick

Post Reply