Friday, July 28, 2006

Trojan disguises itself as Firefox extension

McAfee have warned of a trojan, FormSpy that disguises itself as a Firefox extension.

The trojan pass itself off as a valid open source Mozilla component, "NumberedLinks 0.9". To the victim, he or she would only notice the "NumberedLinks 0.9" extension being installed via the Mozilla graphical user interface. Behind the scences, the trojan begin to sniff for credit cards numbers, passwords, PINs etc from ICQ, FTP, IMAP, POP3 traffic and start sending the information to an external server.

Currently, the trojan is spreading mainly through spam emails with the fake Firefox attachment. Once executed, it downloads the real extension off the net and records itself directly into the Firefox configuration data, avoiding the regular installation process. Thus, the real attachment is installed but so is the trojan.

With the Firefox gathering more and more mainstream popularity, do expect more of the same thing. One golden rule is to be very careful opening attachment. Do not think a word document or a mp3 file is safe as the the file formats are very easily changed.

Source : McAfee Avert Labs


Technorati: , .

posted by wert | Friday, July 28, 2006 | Email This!


0 Comments:

Post a Comment

<< Home

Disclaimer: This blog is not intended to be authorative or clever in any way. It was based on rambling of a half crazed creature, so treat it as such and let it be! I was asked to keep my dangerous thoughts and unbalanced views all in one safe place , and so I did. Objectivity, Accuracy, Responsiblity and any High Standards are certainly not part of this blog's features. However, I must stress that I do not strive to mislead people, confuse people, and much less undermine our national strategy.