The Network Security. Org


Password-Stealing Trojan Disguised as Firefox Extension

July 27th, 2006


A spam email making the rounds with a file attachment disguised as an "extension" or add-on for the Mozilla Firefox browser is actually a Trojan horse program, which allows attackers to install programs that intercept Web traffic from a victim’s computer and monitor what he or she types, such as passwords and other login information.

According to analysis from McAfee AVERT, the spoofed message is designed to look like it came from the Wal-Mart billing support department. It includes an order number in the body of the e-mail and the same order number as the name of the attachment. If a Windows user clicks on the attachment, it will lead to the installation of a malicious program that steals passwords and monitors the victim’s network activity (unless he or she has taken our advice to avoid using the computer under the all-powerful "administrator" account).

Once installed, this malware is disguised as the Numberlinks 0.9 extension for Firefox, taking its name from a legitimate add-on designed to make it easier for Firefox users to browse the Web without a mouse. Firefox extensions normally prompt the user to install them, but this one silently patches the user’s browser without giving any notice. The next time the victim restarts the browser, the spying program — which McAfee has dubbed “FormSpy” — will start up automatically.

Password-Stealing Trojan Disguised as Firefox Extension - Security Fix
