Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: All
Guess I need to put this link out so it is obvious:

Spyware disguises itself as Firefox extension

***********************************

The antivirus specialists at McAfee have warned of a Trojan that disguises itself as a Firefox extension. It is currently being openly disseminated through spam emails that purport to come from Wal-Mart. If the recipient opens the mail attachment while running a Windows operating system, the Trojan then installs itself as a Firefox extension, presenting itself as a legitimate existing extension called numberedlinks. It then begins intercepting passwords and credit card numbers entered into the browser, which it then sends to an external server. McAfee has dubbed the Trojan "FormSpy," although the company is still currently categorizing its distribution as low.

The file attached to the email consists of an executable Windows program, the AXM downloader. Once launched, it fetches the extension from the Internet and records itself directly into the Firefox configuration data, avoiding the regular installation process. Firefox extensions are normally distributed as XPI files, which ask the user for confirmation after forcing a pause of several seconds.

In a blog entry, Geok Meng Ong from McAfee Avert Labs called on users to take extreme caution when installing unsigned Firefox extensions from untrustworthy sources. This well-intended warning was actually off the mark on several points. On the one hand, only very few websites are authorized to install extensions without seeking additional approval. Furthermore there are at the moment virtually no signed extensions for Firefox or Mozilla. And finally, that mechanism would not have protected against this attack. This is because the user, in opening the file attachment and thereby allowing the foreign program to execute on his computer, automatically provides it with his own usage rights.

An effective protection against this attack is simply never to open file attachments that you have not requested. It is also important not to rely on seemingly trustworthy 'From:' address fields, since these are easy to forge. When in doubt, confirm the legitimacy of the email with the purported sender in another way, such as by telephone. Further tips for safe handling of email are provided at heisec Emailcheck.


8 posted on 07/27/2006 10:53:33 PM PDT by Ernest_at_the_Beach (History is soon Forgotten,)
[ Post Reply | Private Reply | To 6 | View Replies ]
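
Added example, not part of the post above or of the article it quotes: a mail-triage check for the two warning signs the article names, a 'From:' field that cannot be trusted and an attachment that is really a Windows executable. The sample message, its addresses and the function names `triage`, `domain` and `build_sample` are constructed for illustration; comparing From with Return-Path is a heuristic assumed here, not something the article prescribes.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def domain(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()

def triage(raw):
    """Return a list of reasons to treat this raw message as suspect."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    frm, rpath = domain(msg["From"]), domain(msg["Return-Path"])
    # From: is free text chosen by the sender. A differing envelope sender
    # is only a hint (legitimate bulk mail differs too), so report it
    # rather than block on it.
    if frm and rpath and frm != rpath:
        findings.append(f"From domain {frm} != Return-Path domain {rpath}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(RISKY_EXT):
            findings.append(f"executable extension: {name}")
        # Windows executables start with the bytes 'MZ', whatever the
        # attachment is called.
        if data[:2] == b"MZ":
            findings.append(f"MZ header in attachment: {name or '(unnamed)'}")
    return findings

def build_sample():
    """Constructed message: retailer-style From plus a renamed executable."""
    m = EmailMessage()
    m["Return-Path"] = "<bounce@mailer.example.net>"
    m["From"] = "Wal-Mart <orders@walmart.example>"
    m["To"] = "user@example.org"
    m["Subject"] = "Your order"
    m.set_content("See attached order details.")
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                     subtype="octet-stream", filename="order.doc")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

The attachment in the sample carries a harmless-looking name, so only the content check catches it; a filter that looks at extensions alone would pass it.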


To: All
This might be useful:

heisec Emailcheck

Courtesy of

*********************************************

Email has become the main entry point for viruses and worms. Inboxes are full of infected emails, and new contaminants are popping up every day. While anti-virus programs can reduce the risk, they cannot eliminate it altogether. It is therefore important to change your behaviour and the programs you use to take account of these threats.

Here, you will find everything you need to know to protect yourself from the flood of viruses. The section More info describes the possible risks, such as HTML emails and file attachments. Under Changing settings, we show you how to configure your email program to make it secure. Under Test emails, you can have emails sent to you that will reveal typical weak points without causing any damage.

For comments and suggestions, write to: emailcheck@heisec.co.uk


9 posted on 07/27/2006 10:58:52 PM PDT by Ernest_at_the_Beach (History is soon Forgotten,)
[ Post Reply | Private Reply | To 8 | View Replies ]


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson