TrustDefender takes closer look at Firefox 'œPlugin' malware

Alex Zaharov-Reutt
Monday, 08 December 2008 08:40

Your IT - Home IT

Despite the fact that Firefox is seen as a safer browser than Internet Explorer, the emergence of the latest Firefox malware Plugin shows that a browser alone is not enough protection in a world of evil banking Trojans, botnets, rootkits and crimeware.

TrustDefender is an Australian IT security company that makes a unique claim: that your computer can be infected with the worst malware, rootkits, Trojans and more, yet when you connect to your bank or do other online transactions, you will be completely protected.

Protected from that information being stolen, protected from that session being hijacked, and protected from identity theft, while ensuring that, for the first time, your computer is part of your bank’s overall security chain at the time that is the most crucially important: when you are engaged in a transaction.

Even if those Trojans, rootkits and other crimware programs are completely unknown and brand new to the world. It’s doubly amazing because no-one else has yet been also able to make that same claim despite TrustDefender being in business for a couple of years and winning awards for its technology.

Full details of what TrustDefender claim and how they do it is at its website, but suffice it to say that they now have several financial institutions using its protective software today, with those financial institutions offering TrustDefender free to all their clients.

There are some major “global” banks also involved in testing and evaluating TrustDefender as we speak, and given the fact that TrustDefender helps to prevent bank accounts from being compromised (as is happening on a massive scale right now worldwide, fuelling the underground economy with billions of stolen dollars), you can understand why some of the world’s big banks are very, very interested.

So, let’s turn to TrustDefender’s latest blog entry, from CTO and co-founder Andreas Baumhof.

Here Baumhof notes that when it comes to the Firefox malware called “ChromeInject”, Firefox’s “honeymoon is over”.

Baumhof decided to take a “more detailed look at this piece of malware”.

Baumhof notes that: “In general, it only targets Firefox users. This fact will disturb many users that “escaped” Internet Explorer and switched over to Firefox for security reasons.

“It is long known that Firefox has with the XUL Interface and the Plugins a mechanism that is very similar to Internet Explorer’s BHO (Browser Helper Objects). In fact, the browser plugin is essentially just a DLL that can contain whatever content - including malicious content.

“When we installed this component, the first interesting thing was that it will install itself silently without any user interaction or user notification. This is a bit disturbing as normally the Firefox User Design is quite well-thought through.”

Here’s where things become worrisome, as Baumhof notes in examining what this malware does.

What he discovered is on page 2, please read on.