Hackers outfox Mozilla

Posted: Fri Aug 04, 2006 4:36 am
by Egaladeist
Malware has been found that can hijack Mozilla's Firefox Web browser and monitor submit-and-click events.

The trojan, called Infostealer.Snifula, or FormSpy, manifests as a Firefox extension after users execute the malicious email attachment dubbed Downloader-AXM.

Once downloaded from servers via Downloader-AXM, Formspy changes to the NumberedLinks 0.9 Firefox extension which allows users to browse using numbers rather than a mouse. Formspy then captures contents of form submission events including passwords and forwards them to its main process where it is sent to the remote attacker.

Mozilla Corporation technology strategist Mike Shaver said the use of e-mail as a medium exemplifies the need for user discretion in opening attachments.

"The recent Formspy Trojan, delivered via an executable file in a deceptive e-mail message, points again to the risk of installing or running software from an unknown source," Shaver said. "This malware manifests itself as a Firefox extension only after the user has already been compromised; it had its run of the system, leaving Firefox virtually in the same situation as if the entire operating system had turned against it."

Symantec security response engineer Candid Wuest said the trojans, which commonly attack Internet Explorer's browser helper objects (BHOs), began attacking Mozilla browsers in March this year with the JavaScript-based JS.Ffsniff by using the XPConnect Java interface that allows transparent access to cross-platform component object models (XPCOMs) that developers use to create extensions for the Firefox browser.

"When an infected user submits a form on a Web site, [JS.Ffsniff] will parse the site and steal all information that is submitted by the Web form, including passwords," Wuest said. "The JS.Ffsniff script then sends this information to a predefined e-mail address using XPCOM objects."

http://www.computerworld.com.au/index.p ... 1968336438
Computerworld | Hackers outfox Mozilla

Posted: Fri Aug 04, 2006 9:21 am
by xierox
Good thing I run Firefox.

Wait.

Dang it.

</slashdot>

;)

- Xierox

Posted: Fri Aug 04, 2006 9:57 am
by AcidTone
bah old news that is.. Posted about that on AO, it seems no one really noticed it, or maybe it's the fact that it's a Ghost town as of late.. :roll:

Posted: Fri Aug 04, 2006 10:06 am
by J_K9
Acid has a point - this news is a few days old. And if there are any users who still fall for the "delivered via an executable file in a deceptive e-mail message" trick, then God help them :roll:
xierox wrote:Good thing I run Firefox.

Wait.

Dang it.

</slashdot>
Hehe.. ;)

Posted: Fri Aug 04, 2006 1:42 pm
by Maverick
J_K9 wrote:And if there are any users who still fall for the "delivered via an executable file in a deceptive e-mail message" trick, then God help them :roll:

I agree - but you'd be surprised at how much it is still happening... I mean, after all, if it didn't work the malware writers would be looking for other methods of infection - but, "if it ain't broke, don't fix it" right?

Damn (l)users...