Firefox users beware
The malware appears as the 'NumberedLinks 0.9' extension
http://www.computerworld.com/action/...=NLT_AM&nlid=1
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 7/25/2006
Date Added: 7/25/2006
Origin: N/A
Length: 42,496 bytes
Type: Trojan
SubType: Spyware
DAT Required: 4814
Virus Characteristics
This is a detection for malware that is installed as a Mozilla/Firefox component extension.
Upon execution, it registers Mozilla event listeners to the malware and sends information submitted by the victim in the web browser to a malicious website. This information can include, but is not limited to, credit card numbers, passwords, e-banking PIN numbers, etc. The main executable is also capable of sniffing passwords from ICQ, FTP, IMAP and POP3 traffic.
This malware was modified from "NumberedLinks 0.9", an open source Mozilla component available on the Internet. The victim would only notice the "NumberedLinks 0.9" extension being installed via the Mozilla graphical user interface.
Discovered in the wild, this malware was downloaded and installed by the Downloader-AXM trojan.
The original component installs the following files:
- %MozillaUserProfile%\(ARBITRARY_CLASS_ID)\chrome\numberedlinks.jar
- %MozillaUserProfile%\(ARBITRARY_CLASS_ID)\chrome.manifest
- %MozillaUserProfile%\(ARBITRARY_CLASS_ID)\install.rdf

FormSpy installs these additional files:
- %MozillaUserProfile%\(ARBITRARY_CLASS_ID)\chrome\numberedlinks.jar (modified - FormSpy)
- %MozillaInstall%\components\AppInterConn.dll (FormSpy)
- %Mozilla%\AppInterConn.xpt (Mozilla component definition file)
- %Windir%\System32\138762763***** (FormSpy)

(Where %MozillaUserProfile% is the Mozilla user profile folder, e.g. C:\Documents and Settings\WindowsUser\Application Data\Mozilla\Firefox\Profiles\f4dbo7e7.default; %MozillaInstall% is the Mozilla installation folder, e.g. C:\Program Files\Mozilla Firefox; and %Windir% is the Windows folder, e.g. C:\Windows)
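A file check built from the list above, as an added example that is not part of the original write-up or any vendor tool. The function names and the two directory arguments are assumptions; the file names come from the list, and the masked System32 entry is left out because its full name is not given.

```python
import sys
from pathlib import Path

# File names taken from the write-up above. The System32 file is masked there
# ("138762763*****"), so it is deliberately not checked.
STRONG = {"appinterconn.dll", "appinterconn.xpt"}  # installed only by FormSpy
WEAK = "numberedlinks.jar"  # also shipped by the legitimate extension


def scan(install_dir, profile_dir):
    """Return sorted (severity, path) tuples for files matching the write-up."""
    findings = []
    for p in Path(install_dir).rglob("*"):
        if p.is_file() and p.name.lower() in STRONG:
            findings.append(("formspy", str(p)))
    for p in Path(profile_dir).rglob("*"):
        # The jar has the same name whether clean or modified, so finding it
        # only means "inspect this extension", not "infected".
        if (p.is_file() and p.name.lower() == WEAK
                and p.parent.name.lower() == "chrome"):
            findings.append(("review", str(p)))
    return sorted(findings)


def verdict(findings):
    """Collapse findings into one of: clean, review, formspy."""
    kinds = {kind for kind, _ in findings}
    if "formspy" in kinds:
        return "formspy"
    return "review" if "review" in kinds else "clean"


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check.py <firefox-install-dir> <firefox-profile-dir>")
    results = scan(sys.argv[1], sys.argv[2])
    for kind, path in results:
        print(f"[{kind}] {path}")
    print("verdict:", verdict(results))
```

A "review" result alone matches both the original NumberedLinks extension and the modified one; only the AppInterConn files separate the two by name.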






