After a few reports in the press around a new Malware that specifically targets Firefox users, we thought we have a more detailed look at this piece of malware.
In general, it only targets Firefox users. This fact will disturb many users that “escaped” Internet Explorer and switched over to Firefox for security reasons. It is long known that Firefox has with the XUL Interface and the Plugins a mechanism that is very similar to Internet Explorer’s BHO (Browser Helper Objects). In fact, the browser plugin is essentially just a DLL that can contain whatever content – including malicious one.
When we installed this component, the first interesting thing was that it will install itself silently without any user interaction or user notification. This is a bit disturbing as normally the Firefox User Design is quite well-thought through.
What this malware then does is as follows:
- It has a pre-compiled list of hostnames that it watches for. If the user goes to any of these websites, the malware will load the malicious DLL and inject HTML into the current Firefox page.
- This additional code will then steal any information they want, including username and passwords and other identity related information.
- The sample we analyzed affected 103 financial institutions worldwide, including 10 financial institutions in Australia.
Technical Details
After the malware is installed, it is actually visible as a plugin, however it has the innocent name “Basic Example Plugin for Mozilla”
It hooks into the XUL engine and “watches” the internet traffic for the URL’s it is interested and injects then HTML code.
Overall this malware is not anywhere as sophisticated as the top-class trojans like silentbanker, Sinowal, …, however it gets the job done. A few things are worth mentioning as they are quite unique:
- The malicious component (DLL) will only be loaded if the user goes to any of the URL’s the malware watches. This means that e.g. when you start Firefox, the system and all components are fine and the malware actually is not active in memory.
- Only when the user enters one of the affected financial institutions website, the malicious DLL is loaded.
How to check whether you are infected?
You can check whether you are infected by openin your Firefox Browser and clickin on the Tools-Menu and select “Add-ons”. Then select the last tab called “Plugins” and make sure that you do not have a plugin called “Basic Example Plugin for Mozilla – npbasic”.
If you see this, you can disable the plugin by clicking on “disable”.
All TrustDefender users are protected by default from this attack.
cheap is placed replica
cheap is placed replica watches under an ion fake watches beam. The data rolex is compared with replica rolex other bottles tag heuer from the cellars
the chateaux. replica watches
the chateaux. replica watches Any difference will fake watchesindicate the wine fake rolex is a forgery.Spanish replica rolex scientists invented breitling a contraption
mbt sandals sale
The mbt shoes online Suede is a great everyday mbt sandals with a sleek and smooth appearance. Give your muscles the attention they deserve in the office or other business settings. mbt mary jane shoes are constructed of high quality Nappa leather, providing comfort and lasting power! mbt fumba sandals made with the same patented Masai Barefoot Technology. mbt shuguli gtx features rich, split leather uppers with an adjustable mbt ema sandals hook-and-loop instep strap for a perfect fit. Wearing mbt changa denim shoes is like walking barefoot mbt panda sandals on springy moss or on a sandy beach. mbt fanaka gtx Shoes are healthy and fashionable.
ugg classic mini
Ugg Classic Short Boots are UGG Australia's original heritage styles. Ugg Classic Tall will keep your feet dry and the ultimate comfortable.You can dress the Ugg Classic Mini to feel top-level luxury feeling.The color of such Ugg Kids Boots is much bright which can make you more attractive. Ugg Ultra Tall is made of high-grade soft wool fabric that let your feet remain warm and comfortable.There are many different varieties of Bailey Button Ugg Boots | Ugg Bailey Button Boots | Ugg Boots Bailey Button for your choice. Just act quickly to buy the cheap Ugg Ultra Tall Boots | Ugg sundance boots !
prada sneakers
In the Internet ,it have more and more cheap Hot Shoes to buy . Because all of our life is a customer, the customer's characteristics is like inexpensive Prada Sneakers. Waking to work with Gucci shoes|NBA Shoes can keep healthy, prevent spinal problems.Jordan Collezione |adidas sneakers|are based on people’s travel characteristics of design and manufacture. So you must be careful to select air force 1 shoes|air jordan 7 retro|Air Jordan Kids|Jordan Dub Zero|new balance shoes. Good luck!
good for sharing
Nike Air Max Shoes, not only is the sneakers of consolidating high-tech sporting but also emphasizing the fashionable outer designs, is working consquently together with fashion icons worldwide.We offer great products from nike air max 90, nike air max 95, nike air max 360, nike air max 2009 and many more, they are on hot sale.Our purpose is to offer a low cost alternative to high designer shoes prices. We listen to our customers, adding the latest men's and women's trendy styles.
Find nike air max running shoes and buy nike air max online, Kicksinfo,Inc. is your best choice. We can provide Fashion design High quality nike air zoom shoes for you. All products on our site are already marked down 30-60% off retail price.
Post new comment