PC Pals Forum

Technical Help & Discussion => General Tech Discussion, News & Q&A => Topic started by: Clive on July 26, 2006, 16:38

Title: Spyware poses as Firefox extension
Post by: Clive on July 26, 2006, 16:38

The Register
By John Leyden
Published Wednesday 26th July 2006 13:51

Virus writers have created a spyware package that poses as an extension to the Firefox web browser.

FormSpy, which poses as the legitimate NumberedLinks 0.9 extension, is programmed to steal confidential information from compromised machines including passwords, credit card numbers, and ebanking login details. The malware is also capable of sniffing passwords from ICQ, FTP, and email traffic before sending this data to a hacker-controlled website.

FormSpy is normally downloaded onto compromised machines already infected with another Trojan program, called Downloader-AXM. It can also spread as a drive-by download from compromised websites.

Downloader-AXM began spreading via virus infected spam messages (example here) earlier this week. Fortunately, the attack is not yet widespread, according to net security firm McAfee, which has published a detailed write-up of the threat here. ®


http://www.theregister.co.uk/2006/07/26/firefox_malware_extension/

Title: Spyware poses as Firefox extension
Post by: sam on July 27, 2006, 08:44

i wondered when this would happen.

Title: Spyware poses as Firefox extension
Post by: Simon on July 27, 2006, 08:56

Presumably, this rogue extension didn't appear on the official Firefox site?  If it did, that's very bad.  Hopefully, by sticking to the official download locations for extensions, uses should be kept safe.  :|

Title: Spyware poses as Firefox extension
Post by: sam on July 27, 2006, 09:19

yeah, i doubt it did. The firefox mod people test all of the extensions...

Title: Spyware poses as Firefox extension
Post by: Lona on July 27, 2006, 16:38

:believe: I've just installed an extension from Firefox.

A box came up stating a new extension for firefox had just been released and to close my browser to install it, which I  did.

Could this be the virus?

Title: Spyware poses as Firefox extension
Post by: Clive on July 27, 2006, 16:42

THIS (http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=140256) link will give you more information Lona.

Title: Spyware poses as Firefox extension
Post by: Lona on July 27, 2006, 17:16

Thanks Clive. :)

I checked my extensions on firefox and there is nothing showing as numbered links 09.

I've ran my antivirus and no virus found.

Hope it was just a co-incidence. :?

Title: Spyware poses as Firefox extension
Post by: Simon on July 27, 2006, 18:55

Was it one you already had, which just needed updating, Lona?

Title: Spyware poses as Firefox extension
Post by: Lona on July 27, 2006, 19:58

I've just checked my updates and it says it was a security update (2006071912)

Title: Spyware poses as Firefox extension
Post by: Clive on July 27, 2006, 21:08

Phew!  Glad to hear everything is OK Lona!