Spyware takes aim at Mozilla browsers

ZDNet ^ | February 9, 2005 | Ingrid Marson

[holymoly]

Security experts are advising that spyware that targets browsers from the Mozilla Foundation has been spotted--a threat that could worsen as its Firefox browser takes market share from Microsoft.

Stu Sjouwerman, the founder of Sunbelt Software, said on Tuesday that the anti-spyware company has discovered what it believes is the first spyware to take aim at surfers using Mozilla browsers.

Richard Stiennon, the vice president of threat research at Webroot Software, which also develops anti-spyware tools, said that the malicious software does not target Firefox specifically.

"According to my research team, this site does not target Firefox, but it does target Mozilla," Stiennon said. "(It's) only a matter of time now until a Firefox spy is discovered."

Although the spyware is only installed if users agree to download a certain file, many users are likely to click through, as the download's dialogue box gives no indication of the file's malicious payload, Sjouwerman said.

"It's done in a way that people might not recognise as a normal install, and will work in Firefox," Sjouwerman said. "It's not a full-fledged spyware attack yet, but it definitely shows where it's going."

Experts believe that Mozilla-based browsers such as Firefox have become a greater target for spyware as their market share has rapidly increased over the last six months--from 2.4 percent in May to 7.4 percent in November, according to Web traffic measurement company OneStat.com. Firefox has said that it is aiming for 10 percent of Web surfers by the end of 2005.

Writers of viruses and spyware for browsers have typically concentrated on Internet Explorer, because of its near-total market dominance. But that could be changing, now that Firefox is making gains at the expense of Microsoft's browser.

Sjouwerman said that "stealth spyware" targeted at Firefox is "bound to happen" as hackers are currently working hard trying to find security holes in the open-source browser. "There's a small army of rogue programmers that are tearing Firefox apart," he said.

But Graham Cluley, a senior technology consultant at security company Sophos, said he is not sure what type of spyware will target Firefox.

"It's hard to predict precisely what form spyware for Firefox may take, as it will depend in part on what security flaws may be found in the Firefox code in the future, and how quickly the community responds to patch those vulnerabilities," Cluley said.

David McGuinness, a Mozilla contributor, said Firefox protects PC users by displaying a yellow information bar if a site that is not Update.mozilla.org tries to automatically install code. But he warned that it will be more difficult to protect systems against a stealth install.

"It all boils down to user education. People can install applications with variable amounts of effort from all browsers. It's the stealth attacks that are the problem, where people get infected without running anything themselves," McGuinness said.

[holymoly]

The title:
"Spyware takes aim at Mozilla browsers"

Does not appear to be supported by the text of the article:
"...the malicious software does not target Firefox specifically...the spyware is only installed if users agree to download a certain file..."

[frogjerk]

The article seems like wishful thinking as well.

[frogjerk]

Spyware takes aim at Mozilla browsers

BUSH's FAULT!

[Rhetorical pi2]

Talk about your low-life, bottom feeding, scumbags.

I use two spyware detection programs - and still like Spybot. (Price is great!) I run a search at least three times a week - more if I have time.

[sonjay]

Breaking News:

Computer users are able to install applications on their own computers!

[Texas_Jarhead]

but what about this, ""According to my research team, this site does not target Firefox, but it does target Mozilla," Stiennon said."

[Abathar]

I run spybot, spywareblaster, and I just started giving MS's Antispyware a chance too. Even with all that I still get some stuff planted on my system. MS's new stuff does seem to be doing a good job, but I haven't found out how much it will cost once the free version expires.

[holymoly]

but what about this, ""According to my research team, this site does not target Firefox, but it does target Mozilla," Stiennon said."

What about it? How does the site "target" Mozilla? I require facts, not hyperbole.

[kevkrom]

Although the spyware is only installed if users agree to download a certain file

Well, duh. Executing any random file from any source will screw you over no matter what you're running. Just hope you don't have Admin privileges when you do something that stupid...

[Texas_Jarhead]

Ok whatever, I got no dog in this hunt but you asserted that the title was unjustified and I simply pointed out that it is supported by a direct quote from an "expert".

[holymoly]

His statment would appear to be contradicted by the one immediatley following it:

Although the spyware is only installed if users agree to download a certain file.

[nickcarraway]

ping

[KoRn]

Even if true, it doesn't matter to me. I don't use Firefox for security only. It's simply MUCH better than IE, and happens to be much more secure.

[Mannaggia l'America]

Does not appear to be supported by the text of the article: "...the malicious software does not target Firefox specifically...the spyware is only installed if users agree to download a certain file..."

How do you think most spyware gets installed via IE?

It's by users clicking "Yes" to everything that pops up.

[kevkrom]

How do you think most spyware gets installed via IE? It's by users clicking "Yes" to everything that pops up.

Actually, a decent amount simply exploits security holes and require no user action. XP Service Pack 2 stopped a lot of that by disabling certain things by default, but it still happens.

[holymoly]

How do you think most spyware gets installed via IE?

Drive-by installs, which can happen wihtout the users knowledge or permission.

http://pages.pomona.edu/~mep02001/spyware/Spyware1.html

"Unfortunately, there are problems with the implementation of ActiveX. The problems boil down to this:

* Security holes in some versions of Internet Explorer that can be exploited by malicious website creators to install ActiveX controls without prompting

* One malicious application can change the security settings on Internet Explorer so that all ActiveX controls (including malware) can auto-install without prompting

* Deceptive popups can lead uninformed users to install malicious applications, believing them to be important system updates, or software required to view a site"

[Mannaggia l'America]

Actually, a decent amount simply exploits security holes and require no user action. XP Service Pack 2 stopped a lot of that by disabling certain things by default, but it still happens.

Do you have any examples? (Seriously - the spyware I've encountered on users' PC's has come through their own actions, whether they realized it or not.)

[sarah_f]

Seeing that comment for the 3,134,675 th time is just SOOOOOOOOOOOOO funny.

[ShadowAce]

Browser ping

[Rio]

"Spyware takes aim at Mozilla browsers"

Are there other "moziilla browsers" besides firefox? I thought that Netscape might be from Mozilla - or related to it somehow, but now can find no reference to it.