Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spyware Disguises Itself as Firefox Extension

Posted by ryuzaki0 on from the not-yet-linux-compatible dept.

Juha-Matti Laurio writes "The antivirus specialists at McAfee have warned of a Trojan that disguises itself as a Firefox extension. The trojan installs itself as a Firefox extension, presenting itself as a legitimate existing extension called numberedlinks. It then begins intercepting passwords and credit card numbers entered into the browser, which it then sends to an external server. The most dangerous part of the issue is that it records itself directly into the Firefox configuration data, avoiding the regular installation and confirmation process."

18 of 247 comments (clear)

  1. Re:Not a vulnerability. by kfg · · Score: 5, Funny

    I refuse to use this trojan until it's ported to Linux.

    We have to send a message to developers that we want our apps native.

    KFG

  2. Break extension by Anonymous Coward · · Score: 5, Funny

    In next version of Firefox, the extension will be broken anyways. Mozilla breaks extension every new release. :D

  3. Thankfully, I'm running IE by Anonymous Coward · · Score: 5, Funny

    Which makes me invulnerable to snooping for credit card numbers as all my accounts are empty and my credit rating is ruined.

  4. Re:and? by hotdiggitydawg · · Score: 4, Funny

    (response from Lynx user) *cough* ActiveX *cough* *snigger*

  5. Re:Emphasis on that. by Short+Circuit · · Score: 2, Funny

    If your OS is not secure, no app running on it can be secured.

    Ssh...don't tell the RIAA.

    --
    tasks(723) drafts(105) languages(484) examples(29106)
  6. Re:Not a vulnerability. by lowrydr310 · · Score: 2, Funny
    The headline makes it seem like Firefox is bad because there's a new piece of spyware that takes advantage of it.

    Darn, I knew this was going to happen sooner or later. Time to switch to IE. oh, wait a minute...

  7. that's it, I'm switching to Internet Explorer by Anonymous Coward · · Score: 3, Funny

    I've had it. That's it, I'm switching to Internet Explorer. You can play with your crappy browser but I'm done with it.

  8. Spyware Disguised as an MSIE Extension by krell · · Score: 5, Funny

    It could have been worse, like spyware disguised as a Microsoft Internet Explorer extension. That's sort of like Nixon wearing a Nixon mask.

    --
    Where were you when the voynix came?
  9. Re:Not a vulnerability. by 140Mandak262Jamuna · · Score: 5, Funny
    Come on, You dont even have to be a script kiddie to write malware for Linux.

    This is how it works:

    First create an executable that will do bad things. It could even be a csh script. Then send emails to all and sundry like this and attach that file"

    Dear Linuxuser,

    This is a virus/trojan/worm/malware for Linux. It works on the honor system. Please forward the attachment to all addresses in your .mailrc first and then save it to disk, chmod +x and sudo it. Thank you.

    Attachment: malware

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  10. Re:Not a vulnerability. by zo1dberg · · Score: 5, Funny

    This is the one thing that keeps people from running Linux on their desktops! We normal users don't want to fiddle around with the commandline and stuff like that, we need a point-and-click-interface to compromise the security of our computers! Trust me, until this is fixed, Linux has no hope of ever becoming a serious competitor to Windows.

  11. Re:Not a vulnerability. by Not+The+Real+Me · · Score: 5, Funny

    Good point.

    A friend of mine has certifications as an MCSE and a CNE. When I tell him to run "ipconfig /all" and "route print" (on his WinXP machine), the look of consternation and confusion on his face is priceless.

  12. make it open source by kdemetter · · Score: 5, Funny

    just send the source code in a nice tarball .

    that way it's open source and people can improve it .

    --
    Slipping shoelaces ?
  13. Re:Not a vulnerability. by PsychoSid · · Score: 5, Funny

    csh ! What century have I entered this time.

  14. Re:Not a vulnerability. by RedOregon · · Score: 4, Funny

    Actually, I'd call it a "man in the backdoor" attack, considering what it does to you...

    --
    Skivvy Niner? Email me!
    HEY! Look left just ONE MORE TIME!
  15. Re:Not a vulnerability. by soft_guy · · Score: 4, Funny

    A friend of mine has certifications as an MCSE and a CNE

    With friends like that, who needs users?

    --
    Avoid Missing Ball for High Score
  16. Re:Not a vulnerability. by jftitan · · Score: 3, Funny

    Dear Linux User,

        This is a virus created for Windows users, and it is based on the honor system.
      Please forward this email and its trojan/virus written attachment to all your
      Microsoft based users, and let them know how much you care!

        Sincerely,

          Another Linux User Friend

    ATTACHMENT: firephox.extention.exe

    --
    "Don't Forget to Salt the Fries"
  17. Re:Personally... by SydShamino · · Score: 4, Funny

    Teach a man to send an "internet," and he can be a senator!

    http://www.youtube.com/watch?v=DClkE64nFDY
    Fast forward to about 2:00.

    --
    It doesn't hurt to be nice.
  18. Re:Not a vulnerability. by drinkypoo · · Score: 4, Funny
    It's depressing to me because I think MCSE used to mean something

    It still does: Moron Confused by Sun Equipment.

    Still better than Netware, which has two certification which stand for Certainly No Experience and Can't Network Anything.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"