Posted on 12/04/2008 5:02:20 PM PST by Mygirlsmom
Trojan.PWS.ChromeInject.A, which registers itself in Firefox's system files as 'Greasemonkey,' collects passwords for banking sites
By Jeremy Kirk, IDG News Service
December 04, 2008
Researchers at BitDefender have discovered a new type of malicious software that collects passwords for banking sites but targets only Firefox users.
The malware, which BitDefender dubbed "Trojan.PWS.ChromeInject.A" sits in Firefox's add-ons folder, said Viorel Canja, the head of BitDefender's lab. The malware runs when Firefox is started.
[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]
The malware uses JavaScript to identify more than 100 financial and money transfer Web sites, including Barclays, Wachovia, Bank of America, and PayPal along with two dozen or so Italian and Spanish banks. When it recognizes a Web site, it will collect logins and passwords, forwarding that information to a server in Russia.
Firefox has been continually gaining market share against main competitor Internet Explorer since its debut four years ago, which may be one reason why malware authors are looking for new avenues to infect computers, Canja said.
Users could be infected with the Trojan either from a drive-by download, which can infect a PC by exploiting a vulnerability in a browser, or by being duped into downloading it, Canja said.
When it runs on a PC, it registers itself in Firefox's system files as "Greasemonkey," a well-known collection of scripts that add extra functionality to Web pages rendered by Firefox.
BitDefender has updated its products to detect it, and other vendors will likely follow suit quickly, Canja said. Users could avoid it by only downloading signed, verified software, but that's a measure that restricts the usability of a PC, he said.
The malware is not present in Mozilla's repository of add-ons, Canja said. Mozilla had taken steps to ensure that its official site hosting add-ons -- also called extensions -- are free from malware.
In May, Mozilla acknowledged that the Vietnamese language pack for Firefox contained a bit of unwanted code. Although widely reported as a virus, the language actually contained a line of HTML code that would cause users to view unwanted advertisements.
Mozilla now scans new add-ons for malware. However, those scans will only detect known threats, and there was no signature in the security software Mozilla was using at the time that could detect the code.
Mozilla said the code probably ended up in the language pack after the PC of its developer became infected. More than 16,000 people downloaded the language pack, but only about 1,000 people regularly use it.
After the incident, Mozilla said it would scan add-ons in its repository when antivirus signatures were updated.
My first post--sorry if there are any errors....
ping
A bit? LOL.
Thanks for the info. If it was posted before, I missed it. ;-)
I use FF and just disabled Grease Monkey ....
How does one go about do that ?
ping
Thank you very much for posting this!!! I just started having problems with my laptop a couple days ago. The word “greasemonkey” in your post absolutely jumped out at me because that is one of the popups that keep occurring. It’s shut down my system restore, won’t let me access MS sites, among other problems. Still trying to figure out how to fix it if if won’t let me download anti-spyware from MS. I’m afraid at this point I may have to reinstall the OS.
Just left click on the monkey icon and it will either be bright or go gray ... when gray it’s turned off. Never figured out what it’s for. A friend just loaded me up with all sorts of add-on’s from FF ....
YES, how do you do that???? Thanks for your help to us Firefox users!! :~)
Tools > Add-ons > Greasemonkey > Disable button
Just left click on that monkey face and it will go gray, or right click and you get a little menu. Click on where it says “enable” and the little check mark will go away and the face will turn gray .... not sure what it’s used for ...
Thank you, I’ll try that. This is the first time I’ve ever had a problem like this. Very frustrating. I had downloaded McAfee from Comcast and Windows Defender and thought I was safe. So much for “thought”!
Never knew there was a problem - my problem now is how to sort my bookmarks so they’re in alphabetical order. The previous version had a place on the drop down menu where you just clicked it and it sorted. Now that’s not available and I have a pile of unsorted bookmarks at the bottom of the list.
I don’t even have greasemonkey in there so Im goood i hope thanks
I’d just like to be able to be online without all kinds of popup windows every two seconds! Not to mention my computer going to a blue screen where it says stop error must shut down to protect computer!
read later
In FireFox go to TOOLS, OPTIONS,CONTENT and click on BLOCK POPUP WINDOWS ....
NoScript + AdBlock = Happiness.
wow.. amazing how they can prattle on about something without actually mentioning the offending file names or a way to identify whether or not your system has been compromised.
again, quality reporting by the press...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.