Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Greasemonkey' Malware Targets Firefox

Posted by CmdrTaco on from the oh-this-can't-end-well dept.

snydeq writes "Researchers have discovered a new type of malware that collects passwords for banking sites but targets only Firefox. The malware, dubbed 'Trojan.PWS.ChromeInject.A,' sits in Firefox's add-ons folder, registering itself as 'Greasemonkey,' the well-known collection of scripts that add functionality to Web pages rendered by Firefox. The malware uses JavaScript to identify more than 100 financial and money transfer Web sites, including PayPal, collecting logins and passwords, which it forwards to a server in Russia. Trojan infection can occur via drive-by download or download duping."

6 of 370 comments (clear)

  1. Re:only firefox? by miknix · · Score: 5, Insightful

    Mozilla needs your permission to install plugins from unverified sources.

    But since windows standard practice is to click on everything that has an OK on it, I think it doesn't matter.

  2. Re:only firefox? by Brain-Fu · · Score: 5, Insightful

    from the article:
    Users could be infected with the Trojan either from a drive-by download, which can infect a PC by exploiting a vulnerability in a browser, or by being duped into downloading it, Canja said.

    This is utterly unacceptable. They should give instructions to users on how to avoid downloading this.

    They listed two ways in which systems get infected. One is "by being duped into downloading it." The instructions to avoid this are easily enough translated as your standard Internet hygien guidelines: "When websites offer browser-enhancements to you, say no," and "don't execute email attachments even if they come from trusted friends."

    However, I want more detail about this "drive-by download" bit. There is a hole in my browser that will make it automatically download this addon, without prompting me? Give me a link. Give me the details. What versions have the hole? Has it been patched? Is there something I can do (other than "browse nothing") that will prevent this hole from being exploited? People need these details.

  3. Re:only firefox? by dedazo · · Score: 5, Insightful

    But since users' standard practice is to click on everything that has an OK on it, I think it doesn't matter.

    There, fixed that for ya.

    --
    Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
  4. Re:This is a veiled blessing... by thtrgremlin · · Score: 5, Insightful

    I think an important thing to note here is that this is not using a Firefox exploit. It is using existing malware to manually install a plugin into Firefox. There is no proof of concept here at all, but point taken.

    --
    Want Big Business out of government? Take away the incentive and start by getting government out of big business!
  5. Re:only firefox? by hairyfeet · · Score: 5, Insightful

    Bingo, I have seen malware in both Firefox and IE installed using the "endless loop" dialog box that the previous poster pointed out on Bugzilla(BTW, how freakin sad is it that the bug is from pre-1.0 and is still there?). Here is how I saw it work, by using a test box i keep for bug testing and removal practice. I found the bug by going through the users history and going where he went.

    Here is how it works. You get Mr. Stupid Horny Guy to look at some topsites, you know the ones, a bunch of hot babe thumbnails that take them to yet more topsites. After a few minutes he will hit a site with a dialog box that says something like "You won a free hour in our hot babe video vault! Simply click yes to download the player and watch your hot videos full screen!" but thanks to the bug if he hits cancel it simply throws another dialog box in his face until he hits yes. If Mr Stupid Horny Guy even knows about ctrl/alt/del (which many don't) they will find the PC slow to a crawl whenever they try to launch it. So for Mr Stupid Horny Guy the choices come down to A=yank the plug out of the back, or B=click yes. So you can guess which of those 2 gets chosen more often.

    I just wish Mozilla would put a cancel button automatically on all dialog boxes that would just kill all scripts on a page. It would probably cut way down on the drive by downloads, at least the ones I have come across.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  6. Re:I wish by spammb · · Score: 4, Insightful
    This has to be one of the stupidest devices ever from the FAQ:

    Can I still log in to my PayPal account if I lose or break my token, or if I don't have my mobile phone with me?
    Yes. During login, we'll ask you questions to help confirm your identity. When you answer them correctly, you'll be able to log in.

    Isn't the whole point of this device that you have to have it to log in? What extra security does asking some questions to confirm my identity do if I have a virus logging everything I type?