YOUR IT - Technology for you

TrustDefender takes closer look at Firefox “Plugin” malware

Baumhof says that ChromeInject “has a pre-compiled list of hostnames that it watches for. If the user goes to any of these websites, the malware will load the malicious DLL and inject HTML into the current Firefox page.

“This additional code will then steal any information they want, including username and passwords and other identity related information.

“The sample we analyzed affected 103 financial institutions worldwide, including 10 financial institutions in Australia.”

But what are the technical details?

Baumhof explains: “After the malware is installed, it is actually visible as a plugin, however it has the innocent name ‘Basic Example Plugin for Mozilla’. It hooks into the XUL engine and ‘watches’ the internet traffic for the URLs it is interested in and then injects HTML code.”

It’s at this point in the blog entry that Baumhof lists several images showing what is going on – if you want to see them (and click through to full-screen screenshots) then please click on this link.

Baumhof continues: “Overall this malware is not anywhere as sophisticated as the top-class trojans like silentbanker, Sinowal, …, however it gets the job done. A few things are worth mentioning as they are quite unique:

“The malicious component (DLL) will only be loaded if the user goes to any of the URLs the malware watches. This means that e.g. when you start Firefox, the system and all components are fine and the malware actually is not active in memory.

“Only when the user enters one of the affected financial institutions’ websites, the malicious DLL is loaded”, said Baumhof.

So, how to check whether you are infected or not?

Baumhof explains: “You can check whether you are infected by opening your Firefox browser, clicking on the Tools menu and selecting ‘Add-ons’. Then select the last tab called ‘Plugins’ and make sure that you do not have a plugin called ‘Basic Example Plugin for Mozilla - npbasic’.

“If you see this, you can disable the plugin by clicking on ‘disable’.”

Baumhof then concludes: “All TrustDefender users are protected by default from this attack.”
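A scripted form of the manual check described above, as an added example that is not from the article or from TrustDefender: it walks plugin folders and flags any DLL named npbasic or containing the plugin name string. The folder paths, the .dll suffix and the idea that the name sits in the file as ASCII or UTF-16LE text are assumptions; the demo files are constructed stand-ins.

```python
import os
import tempfile

# Indicator strings from the article; directory layout and .dll suffix are assumptions.
PLUGIN_NAME = "Basic Example Plugin for Mozilla"
FILE_STEM = "npbasic"
# Windows version resources hold strings as UTF-16LE, so search both encodings.
NEEDLES = (PLUGIN_NAME.encode("ascii"), PLUGIN_NAME.encode("utf-16-le"))

def inspect_plugin(path):
    """Return the reasons (possibly none) a plugin file matches the indicators."""
    reasons = []
    if os.path.splitext(os.path.basename(path))[0].lower() == FILE_STEM:
        reasons.append("filename")
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return reasons  # unreadable file: keep any filename match
    if any(needle in data for needle in NEEDLES):
        reasons.append("name-string")
    return reasons

def scan_plugin_dirs(dirs):
    """Walk each directory; return {path: reasons} for every matching DLL."""
    hits = {}
    for top in dirs:
        for root, _subdirs, files in os.walk(top):
            for name in files:
                if name.lower().endswith(".dll"):
                    reasons = inspect_plugin(os.path.join(root, name))
                    if reasons:
                        hits[os.path.join(root, name)] = reasons
    return hits

def demo():
    """Scan a constructed plugins folder (harmless stand-in files, not malware)."""
    wide = PLUGIN_NAME.encode("utf-16-le")
    samples = {"NPBasic.dll": b"MZ" + wide,      # filename and string both match
               "nprenamed.dll": b"MZ" + wide,    # renamed file, string still matches
               "npother.dll": b"MZ" + "Other Plugin".encode("utf-16-le")}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(body)
        return {os.path.basename(p): r for p, r in scan_plugin_dirs([tmp]).items()}

if __name__ == "__main__":
    print(demo())
```

To use it on a real machine, pass `scan_plugin_dirs` the Firefox installation and profile plugin folders for that system.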
