TrustDefender takes closer look at Firefox “Plugin” malware
by Alex Zaharov-Reutt   
Monday, 08 December 2008
Baumhof says that ChromeInject “has a pre-compiled list of hostnames that it watches for. If the user goes to any of these websites, the malware will load the malicious DLL and inject HTML into the current Firefox page.

“This additional code will then steal any information they want, including username and passwords and other identity related information.

“The sample we analyzed affected 103 financial institutions worldwide, including 10 financial institutions in Australia.”

But what are the technical details?

Baumhof explains: “After the malware is installed, it is actually visible as a plugin, however it has the innocent name ‘Basic Example Plugin for Mozilla’. It hooks into the XUL engine and ‘watches’ the internet traffic for the URLs it is interested in and then injects HTML code.”

It’s at this point in the blog entry that Baumhof lists several images showing what is going on – if you want to see them (and click through to full-screen screenshots) then please click on this link.

Baumhof continues: “Overall this malware is not anywhere as sophisticated as the top-class trojans like silentbanker, Sinowal, …, however it gets the job done. A few things are worth mentioning as they are quite unique:

“The malicious component (DLL) will only be loaded if the user goes to any of the URLs the malware watches. This means that e.g. when you start Firefox, the system and all components are fine and the malware actually is not active in memory.

“Only when the user enters one of the affected financial institutions’ websites, the malicious DLL is loaded”, said Baumhof.

So, how to check whether you are infected or not?

Baumhof explains: “You can check whether you are infected by opening your Firefox browser, clicking on the Tools menu and selecting ‘Add-ons’. Then select the last tab called ‘Plugins’ and make sure that you do not have a plugin called ‘Basic Example Plugin for Mozilla - npbasic’.

“If you see this, you can disable the plugin by clicking on ‘disable’.”

Baumhof then concludes: “All TrustDefender users are protected by default from this attack.”
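
The manual Add-ons check described above can be scripted so it runs across many machines. The Python below is an added example, not code from TrustDefender or from this article. It assumes the plugin file is a `.dll` whose name starts with `npbasic` (inferred from the plugin name quoted above), that the description string sits in the file as UTF-16LE or ASCII, and that you pass in the plugin directories to scan.

```python
import os
import tempfile

# Plugin name exactly as quoted on this page.
PLUGIN_DESCRIPTION = "Basic Example Plugin for Mozilla"
# Assumption: the on-disk file name follows the "npbasic" label shown in the dialog.
PLUGIN_FILE_PREFIX = "npbasic"

def check_file(path):
    """Return the reasons this file matches the indicators (empty list if none)."""
    reasons = []
    name = os.path.basename(path).lower()
    if name.startswith(PLUGIN_FILE_PREFIX) and name.endswith(".dll"):
        reasons.append("file name")
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return reasons  # unreadable file: report what the name alone tells us
    # Windows version resources store strings as UTF-16LE; also try plain ASCII.
    for encoding in ("utf-16-le", "ascii"):
        if PLUGIN_DESCRIPTION.encode(encoding) in data:
            reasons.append("description string")
            break
    return reasons

def scan_plugin_dirs(directories):
    """Walk each directory and return {path: reasons} for every matching .dll."""
    hits = {}
    for root_dir in directories:
        for root, _dirs, files in os.walk(root_dir):
            for fname in files:
                if fname.lower().endswith(".dll"):
                    full = os.path.join(root, fname)
                    reasons = check_file(full)
                    if reasons:
                        hits[full] = reasons
    return hits

def demo():
    """Constructed sample: one unrelated DLL stub and one carrying the quoted name."""
    with tempfile.TemporaryDirectory() as tmp:
        for fname, text in (("npother.dll", "Some Other Plugin"),
                            ("npbasic.dll", PLUGIN_DESCRIPTION)):
            with open(os.path.join(tmp, fname), "wb") as fh:
                fh.write(b"MZ" + text.encode("utf-16-le"))
        hits = scan_plugin_dirs([tmp])
        return {os.path.basename(p): r for p, r in hits.items()}

if __name__ == "__main__":
    print(demo())
```

A hit is a lead for closer inspection rather than a verdict, since the match is on a name and a description string only.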
