FireFox User Warning

cbrew2001

Duramadness
Dec 7, 2008
7
0
0
59
Ragley, Louisiana
Firefox Users Targeted by Rare Piece of Malware

Researchers at BitDefender have discovered a new type of malicious software that collects passwords for banking sites but targets only Firefox users.

The malware, which BitDefender dubbed "Trojan.PWS.ChromeInject.A" sits in Firefox's add-ons folder, said Viorel Canja, the head of BitDefender's lab. The malware runs when Firefox is started.

The malware uses JavaScript to identify more than 100 financial and money transfer Web sites, including Barclays, Wachovia, Bank of America, and PayPal along with two dozen or so Italian and Spanish banks. When it recognizes a Web site, it will collect logins and passwords, forwarding that information to a server in Russia.

Firefox has been continually gaining market share against main competitor Internet Explorer since its debut four years ago, which may be one reason why malware authors are looking for new avenues to infect computers, Canja said.

Users could be infected with the Trojan either from a drive-by download, which can infect a PC by exploiting a vulnerability in a browser, or by being duped into downloading it, Canja said.

When it runs on a PC, it registers itself in Firefox's system files as "Greasemonkey," a well-known collection of scripts that add extra functionality to Web pages rendered by Firefox.

BitDefender has updated its products to detect it, and other vendors will likely follow suit quickly, Canja said. Users could avoid it by only downloading signed, verified software, but that's a measure that restricts the usability of a PC, he said.

The malware is not present in Mozilla's repository of add-ons, Canja said. Mozilla had taken steps to ensure that its official site hosting add-ons -- also called extensions -- are free from malware.


In May, Mozilla acknowledged that the Vietnamese language pack for Firefox contained a bit of unwanted code. Although widely reported as a virus, the language actually contained a line of HTML code that would cause users to view unwanted advertisements.

Mozilla now scans new add-ons for malware. However, those scans will only detect known threats, and there was no signature in the security software Mozilla was using at the time that could detect the code.

Mozilla said the code probably ended up in the language pack after the PC of its developer became infected. More than 16,000 people downloaded the language pack, but only about 1,000 people regularly use it.

After the incident, Mozilla said it would scan add-ons in its repository when antivirus signatures were updated.


http://tech.yahoo.com/news/pcworld/20081205/tc_pcworld/firefoxuserstargetedbyrarepieceofmalware
 

MMLMM

Tunergeek
Mar 2, 2008
4,086
2
38
43
Reno, NV
www.dyncal.com
You can check whether you are infected by openin your Firefox Browser and clickin on the Tools-Menu and select “Add-ons”. Then select the last tab called “Plugins” and make sure that you do not have a plugin called “Basic Example Plugin for Mozilla - npbasic”.

If you see this, you can disable the plugin by clicking on “disable”.

All TrustDefender users are protected by default from this attack.
 

MMLMM

Tunergeek
Mar 2, 2008
4,086
2
38
43
Reno, NV
www.dyncal.com
K Here is a question. Does this only affect PC or are Macs also infectable. From my understanding a trojan cannot affect a mac??

:rofl:

Yea MACs are safe from virus's....
I remember when that was a argument mac users used all the time.


BTW, yes it can affect mac and Linux.
 

SmokeShow

Well-known member
Nov 30, 2006
6,818
34
48
43
Lawrenceburg, KY
You can check whether you are infected by openin your Firefox Browser and clickin on the Tools-Menu and select “Add-ons”. Then select the last tab called “Plugins” and make sure that you do not have a plugin called “Basic Example Plugin for Mozilla - npbasic”.

If you see this, you can disable the plugin by clicking on “disable”.

All TrustDefender users are protected by default from this attack.

When I select "Add-Ons" in the Tools drop down menu, there is NO tab or anything else that says "Plugins" for me to select. There are two (2) tabs. One says "Extensions" and the other says "Themes". I have been getting a pop-up saying there's a new version of Firefox available/ready to download but I haven't done it yet. Should I or should I stay where I'm at? I can't remember which version of Firefox I'm running at the time.


C-ya
 

TheBac

Why do I keep doing this?
Staff member
Apr 19, 2008
15,618
1,875
113
Mid Michigan
I see the same thing that Mitch does. My Add-ons list is "Extentions", "Themes" and "Updates". Thats it. Does that mean the malware is NOT on my computer???

Version 2.0.0.18



Thank you for letting us all know, cbrew.
 

mxracer

New member
Nov 15, 2008
15
0
0
Lincolnton, NC
I see the same thing that Mitch does. My Add-ons list is "Extentions", "Themes" and "Updates". Thats it. Does that mean the malware is NOT on my computer???

Version 2.0.0.18

Thank you for letting us all know, cbrew.

The reason you guys see something diff is the version you are running. 3.0.4 is the latest and the instructions above are for that version. Sorry I don't remember how to get to installed plug-ins for 2.0. All the info is relevant to 3.0.x from what I have read, but I would suspect the extension can be installed in 2.0 as well.

First thing I'd do if I were you is upgrade to 3.0, you will like the new features.
 

The Neens

BFD
Staff member
Aug 10, 2006
4,596
1
36
Monrovia, Ca.
When I select "Add-Ons" in the Tools drop down menu, there is NO tab or anything else that says "Plugins" for me to select. There are two (2) tabs. One says "Extensions" and the other says "Themes". I have been getting a pop-up saying there's a new version of Firefox available/ready to download but I haven't done it yet. Should I or should I stay where I'm at? I can't remember which version of Firefox I'm running at the time.


C-ya

I'm using version 3.0.4 without any issues...

I did what Mike suggested and luckily do not have that plugin installed...
 

TheBac

Why do I keep doing this?
Staff member
Apr 19, 2008
15,618
1,875
113
Mid Michigan
The reason you guys see something diff is the version you are running. 3.0.4 is the latest and the instructions above are for that version. Sorry I don't remember how to get to installed plug-ins for 2.0. All the info is relevant to 3.0.x from what I have read, but I would suspect the extension can be installed in 2.0 as well.

First thing I'd do if I were you is upgrade to 3.0, you will like the new features.

Ok, just updated Firefox and in Tools, the Plug-ins tab is now there. Luckily, that browser plug-in is not listed.