Slashdot Mirror


'Greasemonkey' Malware Targets Firefox

snydeq writes "Researchers have discovered a new type of malware that collects passwords for banking sites but targets only Firefox. The malware, dubbed 'Trojan.PWS.ChromeInject.A,' sits in Firefox's add-ons folder, registering itself as 'Greasemonkey,' the well-known collection of scripts that add functionality to Web pages rendered by Firefox. The malware uses JavaScript to identify more than 100 financial and money transfer Web sites, including PayPal, collecting logins and passwords, which it forwards to a server in Russia. Trojan infection can occur via drive-by download or download duping."

6 of 370 comments (clear)

  1. also by ODiV · · Score: 3, Interesting

    What happens if you already have Greasemonkey? Would it stop working or does the malware work fine alongside it?

  2. Username/password combo for banks flawed. by Vellmont · · Score: 5, Interesting

    It's just part of the mounting evidence that username/password combinations for banks is inherently flawed. "Somthing you know" can always easily be known by someone else. Bank security should (IMO) be also based on "something you have", like an ATM card.

    If banks really wanted two-way authentication to work properly, they'd use a hardware device (USB-key) that had to be present in the machine to login to your account. The hardware device would be implemented in such a way to make it impossible to copy the functionality of it without physical access to it.

    --
    AccountKiller
  3. Re:only firefox? by Ed+Avis · · Score: 5, Interesting

    The cool thing about Firefox is that you can basically force users into installing malware by exploiting bug 59314. Just keep popping up a dialogue box (with no way to stop it or switch to another tab) until the user gives in and says yes.

    --
    -- Ed Avis ed@membled.com
  4. Re:only firefox? by Reece400 · · Score: 3, Interesting

    I've had quite a few issues with Ubuntu because of my years of using windows. I'm used to hitting Enter rather than clicking for the default actions. Especially the overwrite file dialogs which default to 'no' in windows and 'yes' in ubuntu

  5. Re:I wish by cayenne8 · · Score: 3, Interesting
    "it will do you no good without my keyfob and it's current 6 digit number. My bank, paypal, ebay, and 2 of my credit cards use the same keyfob because they use verisign and it defeats every single one of these trojans, keyloggers, and scammers. Why they are not common place I'll never understand."

    Interesting...I'd not heard of such and option being available for PP, eBay or banks.

    What bank is that with?

    Do you have links on how to set this up with PP and eB? Is it one fob that does it for them all or one for each?

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........
  6. Re:only firefox? by hairyfeet · · Score: 3, Interesting

    I do use Noscript on all my machines, but for my customers it really is a "nuke it from orbit" solution which causes more problems than it solves. What we need for Noscript is a "average Windows user" setting which would whitelist Youtube and the other popular video sites, along with a "horny guy" setting that would add Porntube, Redporn,etc. Because I have tried to teach my Windows customers about whitelisting but sadly it turns into another Vista style "always click allow" which kills the whole point. Perhaps a simpler dialog box interface for Noscript than the current one? Maybe one that would detect .flv,.swf,rmb,etc and have a simple "click if you want to play the video" button?

    --
    ACs don't waste your time replying, your posts are never seen by me.