charlie
(1000+ posts)
Thu Dec-04-08 08:39 PM
Original message |
Firefox-only malware found |
|
Researchers at BitDefender have discovered a new type of malicious software that collects passwords for banking sites but targets only Firefox users.
The malware, which BitDefender dubbed "Trojan.PWS.ChromeInject.A", sits in Firefox's add-ons folder, said Viorel Canja, the head of BitDefender's lab. The malware runs when Firefox is started.
The malware uses JavaScript to identify more than 100 financial and money transfer Web sites, including Barclays, Wachovia, Bank of America, and PayPal along with two dozen or so Italian and Spanish banks. When it recognizes a Web site, it will collect logins and passwords, forwarding that information to a server in Russia.
...
When it runs on a PC, it registers itself in Firefox's system files as "Greasemonkey," a well-known collection of scripts that add extra functionality to Web pages rendered by Firefox.
http://www.infoworld.com/article/08/12/04/Firefox_users_targeted_by_rare_piece_of_malware_1.html

How to detect it

Presence of the following files in Mozilla Firefox's plugins and chrome folders:

"%ProgramFiles%\Mozilla Firefox\plugins\npbasic.dll"
"%ProgramFiles%\Mozilla Firefox\chrome\chrome\content\browser.js"

http://www.bitdefender.com/VIRUS-1000451-en--Trojan.PWS.ChromeInject.B.html
|
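The file check quoted in the post above, written out as an added example (not part of the thread or of BitDefender's write-up). It looks for the two listed files under a Firefox install directory and matches names case-insensitively so it also works on a Windows disk image mounted on a case-sensitive filesystem; the function names and the extra `ProgramFiles(x86)` root are assumptions of this example.

```python
import os
from pathlib import Path, PureWindowsPath

# Indicator files from the quoted detection note, relative to the
# "Mozilla Firefox" install directory.
INDICATORS = (
    r"plugins\npbasic.dll",
    r"chrome\chrome\content\browser.js",
)


def candidate_install_dirs(env=os.environ):
    """Install directories to inspect. %ProgramFiles% is the root named on
    the page; %ProgramFiles(x86)% is added here as an assumption to cover
    32-bit Firefox on 64-bit Windows."""
    dirs = []
    for var in ("ProgramFiles", "ProgramFiles(x86)"):
        base = env.get(var)
        if base:
            dirs.append(Path(base) / "Mozilla Firefox")
    return dirs


def resolve_case_insensitive(root, relative):
    """Walk `relative` under `root` one component at a time, ignoring case.
    Returns the matching file path, or None if any component is missing."""
    current = Path(root)
    for part in PureWindowsPath(relative).parts:
        if not current.is_dir():
            return None
        wanted = part.lower()
        current = next(
            (e for e in current.iterdir() if e.name.lower() == wanted), None
        )
        if current is None:
            return None
    return current if current.is_file() else None


def scan(install_dir):
    """Return the indicator files that exist under `install_dir`."""
    hits = (resolve_case_insensitive(install_dir, rel) for rel in INDICATORS)
    return [h for h in hits if h is not None]


if __name__ == "__main__":
    for directory in candidate_install_dirs():
        for hit in scan(directory):
            print(f"indicator file present: {hit}")
```
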
RoyGBiv
(1000+ posts)
Thu Dec-04-08 10:08 PM
Response to Original message |
|
So, I can be asked to RTFA, but I'll pose the question anyway.
Is NoScript a defense against this?
I enable javascript very selectively, which makes browsing an adventure sometimes, but I prefer it. Is this the sort of thing NoScript would block?
|
charlie
(1000+ posts)
Thu Dec-04-08 10:28 PM
Response to Reply #1 |
|
The script is installed in the chrome directory, where Firefox uses javascript to power its GUI widgets. It's outside the webpage sandbox, so NoScript can't reach it. As far as I can tell.
|
RoyGBiv
(1000+ posts)
Thu Dec-04-08 10:41 PM
Response to Reply #2 |
|
Disturbing.
Thanks for the heads-up.
|
charlie
(1000+ posts)
Thu Dec-04-08 10:51 PM
Response to Reply #3 |
4. If NoScript *could* be tweaked to block it |
|
you know that it would've been updated 5 minutes after the news hit the wire. That guy issues revisions so often it's almost annoying :)
Sometimes I'll put off restarting after a download, only to find a new version has come out in the meantime. Or I'll update from the Mozilla repository and the initial redirect to his homepage informs me I don't have the latest from his site. That dude is just a tinkering fool... and all props and much appreciation to him for it.
|
RoyGBiv
(1000+ posts)
Thu Dec-04-08 11:20 PM
Response to Reply #4 |
|
I am sometimes annoyed by it, but then I come to my senses. Would that all writers of software be that committed.
Reminds me ... I need to send him some money.
|