This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Content-Type: TEXT/PLAIN; charset=UTF-8
By Jeremy Kirk
IDG News Service
26 July 2006
A new password-stealing Trojan masquerading as an extension to Firefox is
on the loose.
Called "FormSpy", it is downloaded to a computer that is already infected
with another Trojan horse called "Downloader-AXM", according to McAfee.
That Trojan was recently detected in e-mail spam messages. Downloader-AXM
contacts servers to download other malicious programs to a computer
without a user's knowledge. Once downloaded, FormSpy installs itself as a
The program appears as the "NumberedLinks 0.9" extension, which would
normally would allow a user to navigate links by numbers using the
keyboard rather than a mouse. The payload is that FormSpy can transmit
information in a Web browser to another website, which could include
credit card numbers, passwords and electronic banking pin numbers,
according to McAfee. FormSpy can also steal e-mail, ICQ instant messaging
service and FTP passwords.
The targeting of Firefox is not coincidental. Microsoft's rival Internet
Explorer browser has reigned in the ability of ActiveX controls to be
installed without digitally-signed verification, something that will
become standard on the forthcoming IE7. Mozilla is still without that
protection, relying on confirmation dialogues.
All contents =C2=A9 IDG 2006.
Content-Type: text/plain; charset="us-ascii"
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.