AOH :: ISN-2790.HTM

New Trojan poses as Firefox extension




New Trojan poses as Firefox extension
New Trojan poses as Firefox extension



  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1457021584-36301379-1154064704=:29844
Content-Type: TEXT/PLAIN; charset=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE

http://www.techworld.com/security/news/index.cfm?newsid=6524 

By Jeremy Kirk
IDG News Service
26 July 2006

A new password-stealing Trojan masquerading as an extension to Firefox is 
on the loose.

Called "FormSpy", it is downloaded to a computer that is already infected 
with another Trojan horse called "Downloader-AXM", according to McAfee. 
That Trojan was recently detected in e-mail spam messages. Downloader-AXM 
contacts servers to download other malicious programs to a computer 
without a user's knowledge. Once downloaded, FormSpy installs itself as a 
Firefox extension.

The program appears as the "NumberedLinks 0.9" extension, which would 
normally would allow a user to navigate links by numbers using the 
keyboard rather than a mouse. The payload is that FormSpy can transmit 
information in a Web browser to another website, which could include 
credit card numbers, passwords and electronic banking pin numbers, 
according to McAfee. FormSpy can also steal e-mail, ICQ instant messaging 
service and FTP passwords.

The targeting of Firefox is not coincidental. Microsoft's rival Internet 
Explorer browser has reigned in the ability of ActiveX controls to be 
installed without digitally-signed verification, something that will 
become standard on the forthcoming IE7. Mozilla is still without that 
protection, relying on confirmation dialogues.

All contents =C2=A9 IDG 2006.


--1457021584-36301379-1154064704=:29844
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com 

--1457021584-36301379-1154064704=:29844--

Site design & layout copyright © 1986-2014 CodeGods