Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

Trojan Hides Itself as Firefox Extension

By Ed Oswald, BetaNews

July 26, 2006, 1:59 PM

Security firm McAfee warned of a new trojan that installs itself as a Firefox extension on Tuesday, saying it had found Web sites linking to a virus known as FormSpy. Once loaded on the infected computer, the trojan begins sending personal information entered in the Web browser to a malicious site.

"This information can include, but is not limited to, credit numbers, passwords, e-banking pin numbers" and other sensitive information, McAfee warned. The firm said the application is also capable of sniffing passwords from ICQ, FTP, IMAP and POP3 traffic.

The issue is considered "low-risk," and those with current DAT files would not be susceptible to infection. The trojan requires another piece of malware, called "Downloader-AXM" to work, and McAfee has already added protection against that virus. However, McAfee says it does continue to circulate in the wild.

Web sites have been discovered linking to the Trojan which is hosted at the IP address 81.95.xx.xx. It is installed using an exploit for Internet Explorer known as VBS/Psyme. The exploit is detectable through Internet Explorer with VirusScan enabled, and the FormSpy Trojan is detectable through the latest DAT file.

"AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination," McAfee said.

Add a Comment (87 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By midnighter_9999

posted Jul 27, 2006 - 3:32 PM

I wonder wat IE7 will do now :-D

Score: 0

By midnighter_9999

posted Jul 27, 2006 - 3:24 PM

But as we see.....Bigger IE gets.....better vulnerablities.............BIGGER FIREFOX GETS......BETTER SECURITY

Opera.....well.....i dont use it.....but i see a beta come up almost everyday here.......and each time they have some fix.....

Firefox......less betas [only 2 and 3].....since there is improved security......less fixes.....better satisfying content!!

Score: 0

By anmol.2k4

posted Jul 27, 2006 - 4:09 AM

and that is why opera and its users are happy with widgets.

Score: 0

By PC_Tool

posted Jul 27, 2006 - 8:52 AM

*cough*fanboy*cough*

Let me get this straight, you're comparing widgets to extensions? Did you suffer massive head-trauma recently?

Score: 0

By Silentmaster101

posted Jul 27, 2006 - 10:11 AM

well you see.....

extensions=widgets=activex plugins=plugins=whatevermacscallthem

internet explorer=large market share=most targeted

firefox=gaining ground=recently targeted

opera=tiny market share=nobody cares enough about the opera crowd to target them or they assume they have no money to take.

check my math looks good to me

Score: 0

By fewt

edited Jul 27, 2006 - 11:35 AM

That's an unproven argument, and I believe it to be absolutely false.

In 1995, there were thousands of viruses for MS-DOS, and possibly millions of MS-DOS users.

Linux and Mac OS have millions of users today, so where are the viruses?

Firefox has over 10 million users (POOMA estimation based on 5% of downloaders actually sticking with it, see below for the 200 million downloads link. Estimate is likely WAY LOWER than actual.) so where are the exploits?

*1* malware here and there using some other technology to perpetuate the malware really doesn't count.

Score: 0

By Fidelio

posted Jul 27, 2006 - 2:33 PM

I think the point is not that Linux and MacOS have millions of users (maybe between both of them), but how many millions on users on Linux/MacOS versus how many in Windows.

Viruses will always target the predominant OS.

Now, the good think is that finally Firefox is beginning to get some of the fire that has been shoot at IE. Maybe because its marketshare is growing???

I'm happy still using IE, specifically IE7 (and I haven't had a virus/spyware issue since MS-DOS times) ;)

Score: 0

By fewt

edited Jul 27, 2006 - 2:44 PM

Firefox is getting some of the fire, how? Claiming that viruses will always target the predominant OS doesn't prove that it's a fact.

It would be naive to assume Linux and Mac OS don't have millions of users, Redhat isn't printing it's money. ;-)

LOL

Score: 0

By mshulman

posted Jul 27, 2006 - 5:31 PM

"It would be naive to assume Linux and Mac OS don't have millions of users, Redhat isn't printing it's money. ;-)"

He never said they don't have millions of users. It's the percentage. Why do hackers care to attack millions of users when they can attack hundreds of millions on windows?

Score: 0

By fewt

posted Jul 27, 2006 - 6:03 PM

"maybe between both of them"

Try reading it again.

Score: 0

By PC_Tool

edited Jul 27, 2006 - 11:27 AM

That's an unproven argument, it's absolutely false.

Prove it.

You cannot claim it is unproven, and then in that same sentance claim it is false.

Either it's proven (true or false), or it's unproven.

It is unproven.

Score: 0

By fewt

edited Jul 27, 2006 - 11:46 AM

fixed, heh

As for proving it, read my comment again. I provide evidence indicating that the virus scene for Firefox (and incidently for Linux and Mac OS) should be much worse than it is based on MS-DOS as my example.

Sure, it could be wrong but it's not worth the time to persue it further. It appears pretty solid at face value though.

Feel free to break it down, I'm all ears.

heh

Score: 0

By PC_Tool

posted Jul 27, 2006 - 12:17 PM

Yet you use words like "possibly".

Look, I'm not making any claims. I'm just saying it's all speculation.

As for face value, if I took everything at face value, I'd be living in a beach-front Condo in Montana right now. ;)

Score: 0

By dwaterman

posted Jul 27, 2006 - 12:12 PM

The user numbers probably aren't as important as the percentage of the user base. They are likely to aim for the biggest target.

Score: 0

By fewt

posted Jul 27, 2006 - 12:19 PM

The only evidence to support that argument is that Windows is the biggest target. This doesn't instantly imply it is targeted because of it's marketshare.

It could be argued that it was an easy target, actually evidence of that could be the shear drop in volume of Windows based worms since Microsoft instituted it's security initiative.

Score: 0

By dwaterman

posted Jul 27, 2006 - 3:02 PM

Your logic is very flawed...

common sense = most exploits are aimed where they will have the largest impact. Your logic implies that 10 people standing in a corn field have the same chance of being hit by a car as 10 people standing in the street.

Score: 0

By fewt

edited Jul 27, 2006 - 4:16 PM

That's not common sense, it's opinion.

Your logic doesn't even relate to my comment in any way.

Maybe if you were comparing a street to a street, and you used different cities one with more people than the other you may *MAY* have 1/2 an argument, but well I guess not.

Score: 0

By PC_Tool

posted Jul 27, 2006 - 1:05 PM

We are the fanboys.

Your logic is useless here.

Prepare to be flamed and trolled.

Resistance is futile (We won't listen anyway).

Score: 0

By fewt

posted Jul 27, 2006 - 1:28 PM

heh

Score: 0

By PC_Tool

edited Jul 27, 2006 - 10:44 AM

Prefect, except for one minor, but telling error:

extensions=widgets=activex plugins=plugins=whatevermacscallthem

Should read:

extensions!==widgets!==activex plugins!==plugins

Note: (Macs call them widgets, but Opera Widgets!==Konfabulator widgets!==Mac widgets.)

They aren't even close. The functions are vastly different, and the feature set is more or less limited depending. Not even going to go into the security and useability of the respective code or interface.

Score: 0

By Metshrine

posted Jul 27, 2006 - 11:29 AM

Exactly, widgets are NOT extensions, believe me. I yearn for the day that opera supports extensions or even allows 3rd parties to tie into the browser to fill in the gaps that the opera dev's fail at.

Widgets allow you to use the browser on the desktop for mini-tools, extensions do not do this.

Score: 0

By DEA-DecK

edited Jul 27, 2006 - 1:18 AM

The comments here are funny, most of you arguing with so-called strawman tactics. I'm from norway, and even -I- understood the article correctly - it's not Firefox thats the problem, but IE! Please just end the damn IE/Firefox-war, IE loose in any method you use to try IE "win" in a discussion. What I don't understand it's why you even bother to defend IE, it's so unintelligible that I sometimes wonder if you are payed by M$. And I'm sure that most of the "IE-defenders" has never tested Firefox or know little/nothing about browsersecurity at all. It doesen't hurt to just try Firefox, does it? If you don't like Firefox, try Opera. Just a desperate M$-lover or tory person would use IE as their default browser.
Of course can malicious software hit your computer and make harm anyway if your not careful or regulary check the system, but if you can as good as exclude one of the most exploited technique you would be much safer..wouldn't you?

I recommend you all to read The MAZZTer's comments, this user know what s/he is talking about.

Score: 0

By CyberDoc999

posted Jul 26, 2006 - 11:06 PM

this program will protect you from any web exploit!

http://nonadmin.editme.com/DropMyRights

Score: 0

By Intrusive_Rogue

posted Jul 27, 2006 - 9:07 AM

Thanks for the SPAM.

Score: 0

By SpaceQ

edited Jul 27, 2006 - 4:40 AM

Firs NOT all web exploits! plus it will cripple your browsing:"There's a known limitation with using DropMyRights to run Internet Explorer in "C" or "U" mode when accessing web sites that require SSL or SSPI-based user authentication (e.g. NTLM)."

Score: 0

By smallpotato

posted Jul 26, 2006 - 9:28 PM

Well, instead of debating which browser is at fault, why not investigate what VBS/Psyme is?

Do a search in Google, and we can find that this exploit was discovered in 2003, and it takes advantage of the vulnerability in ADODB.Stream object. Do some search again, and we can find that Microsoft has patched this vulnerability in 2004 by disabling ADODB.Stream object in Internet Explorer.

A vulnerability that was patched in 2004.

So to conclude, if a user does not update his/her system, he/she deserves the problems.

Score: 0

By jbaltz69

posted Jul 26, 2006 - 4:42 PM

Just like I.E. the bigger Firefox gets, the more exploits we will see for it.

Score: 0

By PC_Tool

posted Jul 26, 2006 - 5:43 PM

Just like I.E. the bigger Firefox gets, the more exploits we will see for it.

Read the summary, twit.

Unlike IE, the bigger firefox gets, the more exploits we will see for IE through Firefox.

This still does not affect firefox. It affects IE.

IE...exploited again...imagine my suprise.

Score: 0

By jbaltz69

posted Jul 27, 2006 - 5:44 PM

I'm still right, the bigger Firefox gets, them more exploits you will see for it or for its extensions, twit.

Score: 0

By SrLnclt

posted Jul 26, 2006 - 7:17 PM

Yeah yeah, it might use IE flaws to install itself. But the point remains, only firefox users would want to install a firefox extension.

This threat likely wouldn't exist if firefox didn't have a signifigant share of the market, or if it did this would infect a whole 2 people who wanted the extension.

MS needs to fix their issues or let users completely remove it.

Score: 0

By RejZoR

posted Jul 26, 2006 - 3:20 PM

Well thats where you're wrong. This trojan avoids that confirmation dialog and installs the spy component silently. Also read the summary again ecause it says VBS/Psyme affects IE, not FormSpy...
I have this sucker in front of me.
It's a SFX package containing JS and XPI file.
First one is to avoid that confirmation and second is the core component.

Score: 0

By The MAZZTer

edited Jul 26, 2006 - 3:19 PM

Why do half the replies here assume that it's a Firefox exploit? READ THE SUMMARY MORE CAREFULLY. It is installed through an INTERNET EXPLORER exploit.

Theoretically, any malware that would exploit this vulnerability would be able to do anything it wants to your computer. Installing an extension is just a matter of adding the extension files to your Firefox profile and updating the installed extensions list to point to it.

Firefox will not allow extensions to be installed from unknown sites until you explicitly add it to a list. And then, when an extension install dialog pops up, there is a 5 second delay before you can choose to install it.

(Sorry for my flood of posts here, but people who don't know how to read but insist on writing tick me off.)

Score: 0

By k12-IT

edited Jul 26, 2006 - 10:13 PM

Actually, this summary is not very good. It is not even really correct. An article on Information week is much better and is actually a dialog with McAfee staff. Below is a small portion which you can read at http://www.informationwe...tml?articleID=191202224

"The scam starts with spam posing as a message from the billing support department of mega-retailer Wal-Mart, said Craig Schmugar, the virus research manager at McAfee's Avert Labs. When someone opens the attachment, the Trojan downloads and installs two components, a keylogger as well as a sniffer."

As for Firefox not letting extensions install without your knowledge, this is what the article says:

"But it's the way that FormSpy gets onto a machine that's unique, Schmugar said. FormSpy masquerades as a Firefox extension, or browser add-on. It spoofs Numberedlinks 0.9, an extension that in its legitimate form lets users navigate links with the keypad. FormSpy uses some of the actual extension's code to put its hooks into Firefox.

Normally, Firefox extensions -- which in Windows have the .xpi file extension -- display a confirmation dialog that the user must acknowledge before the add-on installs. The bogus Numberedlinks, however, skips that.

The Trojan writes files directly to the Firefox folders without putting up the confirmation," said Schmugar."

So "The MAZZTder" before you believe a summary try reading more articles and get more facts. It ticks me off when people berate people and they don't have all the information either.

Score: 0

By GoodThings2Life

posted Jul 26, 2006 - 3:27 PM

You need to read more carefully and actually follow that up with more thought...

Internet Explorer is exploited to install it, but it still infects Firefox. Apparently it's exploiting both somehow, because how is IE having access to even install something in FF to begin with? Just because it starts with IE, doesn't mean FF isn't being exploited as well.

More importantly, never underestimate the ignorance of users who blindly click Yes, OK, and Agree without actually understanding what they're doing.

Score: 0

By PC_Tool

posted Jul 27, 2006 - 10:39 AM

never underestimate the ignorance of users who blindly click Yes, OK, and Agree without actually understanding what they're doing.

That would be more the fault of the user, and not the software, though, would it not?

Score: 0

By The MAZZTer

edited Jul 26, 2006 - 3:36 PM

Firefox stores extensions in files in your profile folder. I think it's safe to assume the trojan just plops it's file in with your firefox files.

It's also possible both programs need to run at once, and the trojan gains access to Firefox's memory space, and causes Firefox to jump to an "install extension" function.

Or maybe it changes Firefox's settings to disable the security prompt and then silently navigates it to the XPI package.

At any rate, whatever it does, it's clear that it has system access when it does it. It could just as easily install an IE toolbar, shortcuts on your desktop, a malicious winamp skin, and so on so forth.

Firefox's install theme/extension dialogs prevent blind clicking by disabling the "Install" button for 5 seconds. This gives the user enough time to resize what exactly the dialog is he's looking at, during which time he can't blindly dismiss it without canceling it as well.

I understand how some of these things work, I have gone rooting in my Firefox profile directory before to see how it ticks. I know how extensions are installed and stored. I know what I am talking about.

Score: 0

By zridling

posted Jul 26, 2006 - 2:44 PM

I've been saying it for years: when is Mozilla going to certify extensions? Until then, every other malicious jackass will giggle at how easy it is to undermine open source apps. That's really low, man.

Score: 0

By Desides

posted Jul 26, 2006 - 3:07 PM

They already do. Everything available from the Mozilla Add-Ons site is certified.

It's not Mozilla's fault if you install uncertified extensions from third-party sites.

Score: 0

By PC_Tool

posted Jul 26, 2006 - 5:42 PM

Nothing is secure in the hands of an idiot.

Score: 0

By Desides

posted Jul 27, 2006 - 11:42 AM

Exactly. But it's inane to bash Mozilla for not trying, when they clearly are.

Score: 0

By PC_Tool

posted Jul 27, 2006 - 3:57 PM

Did I?

Where?

Score: 0

By Silentmaster101

posted Jul 27, 2006 - 10:15 AM

unless they dont even know how to turn it on, then it is secure from all but the idiot kicking it in frusteration.

Score: 0

By PC_Tool

posted Jul 27, 2006 - 10:37 AM

Of course, you are right. I should have been more specigfic.

A thousand apologies...

Score: 0

By xyzcb1

posted Jul 26, 2006 - 2:36 PM

I don't get the article. It said the viris is installed using an exploit for IE known as VBS/Psyme, and people who use FF like myself don't really use IE. So how could it possibility get install?

Score: 0

By nate

posted Jul 26, 2006 - 3:01 PM

That's why it's been classified as "low risk." But it could still happen.

Score: 0

By Mark Gillespie

posted Jul 26, 2006 - 2:27 PM

Hang on, something is wrong, I can't hear the hoards of Firefox fanboys ranting about how secure Firefox is, and how great entensions are...

Score: 0

By PC_Tool

edited Jul 26, 2006 - 5:41 PM

Firefox is fine. This affects IE users who have firefox installed.

Please stop being an idiot.

You did read the summary, right? *cough*

Score: 0

By The MAZZTer

posted Jul 26, 2006 - 3:18 PM

"Hang on, something is wrong, I can't hear the hoards of Firefox fanboys ranting about how secure Firefox is, and how great entensions are..."

That would be because nothing has changed. It's an Internet Explorer vulnerability that is exploited, not a Firefox one. Go read the article summary again.

Score: 0

By Mark Gillespie

posted Jul 26, 2006 - 5:45 PM

It's a malicious Firefox extension that is distributed by Internet Explorer.

Both browsers are at fault.

Score: 0

By crashoverride

posted Jul 26, 2006 - 9:29 PM

"Both browsers are at fault."
ummmmm....NO!

"The trojan uses IE to get system access, from where it can do whatever it wants to. In this specific case it chooses to install a malicious Firefox extension."

Bingo...The MAZZTer hit the nail on the head so to speak. The root of this problem is IE. If Firefox were auto installing the extension I could see blaming Firefox.

Oh and thanks for correcting me earlier The MAZZTer.

Score: 0

By fewt

edited Jul 26, 2006 - 6:32 PM

How the hell can you say Firefox is at fault when IE is being exploited to put a file on a filesystem?

Would you blame media player if it opened a media file that an IE exploit put into it's library? I doubt it.

Boy, the fools are out in force today.

Score: 0

By The MAZZTer

edited Jul 26, 2006 - 6:27 PM

I'm sorry, but that makes about as much sense as saying it's both the house's fault and the match's fault that the fire burned it down.

Or like saying the safes Houdini escaped out of weren't secure because they're far easier to open from the inside than from the outside.

The trojan uses IE to get system access, from where it can do whatever it wants to. In this specific case it chooses to install a malicious Firefox extension. It could as easily choose to wipe your hard disk.

Once a program has full system access, it's all over, all bets are off, and it can do anything that it wants, regardless of system security settings (because it's just worked around them).

Score: 0

By Mark Gillespie

edited Jul 26, 2006 - 7:06 PM

There are 2 seperate issues here.

1/ That the trojan downloads itself through a IE exploit.

2/ Firfox executes the exploit despite it's dubious origin.

Anyone that pretends Firefox is not partially at fault here, is deluding themselves.

Seems Firefox's extensions are a similar weight around it's neck, as ActiveX is to Internet Eplorer.

Score: 0

By fewt

posted Jul 26, 2006 - 7:27 PM

So you would blame media player if it had files added to it's library by IE then, huh?

By your logic everything should contain some form of DRM / certification process.

I highly doubt you can form an argument that would lead ANYONE to think that Firefox's extensions are nearly as bad as ActiveX is.

Lets start by counting the exploits, do you have any idea how many times ActiveX has been exploited?

I thought not.

Score: 0

By Silentmaster101

posted Jul 27, 2006 - 10:20 AM

no lets start by counting numbers of users. then we can continue on to counting the number of people who think it is more beneficial to exploit a browser that will affect more people and potententially allow them to steal more peoples identity, then to exploit a browser witht less.

Score: 0

By fewt

edited Jul 27, 2006 - 11:01 AM

Ok, how many users were using DOS when viruses like stealthc and yankee doodle were plaguing PCs?

Counting the number of users is a stupid argument that doesn't make sense. There are *MILLIONS* of people using Windows, Mac OS, Linux, IE, and / or Firefox.

The number is astronomical compared to the days when *MAYBE* 50 million MS-DOS users, there were thousands of viruses back then.

Using your own argument, since there are (edit) MILLIONS of people using Firefox (Firefox approaches 200 million downloads: http://www.spreadfirefox.com/node/24065) there should be thousands of exploits already just like there were for MS-DOS when it's marketshare climbed this high.

So, where are they?

'nuff said

Score: 0

By PC_Tool

posted Jul 27, 2006 - 3:20 PM

Can't for a moment consider the society?

Do hackers and such "give a s***" about Firefox?

They may have 200 million users, but IE has that and several hundred million more.

...just sayin'.

If they go where the majority of users are....

Score: 0

By fewt

edited Jul 27, 2006 - 4:21 PM

Wouldn't you think that out of the several hundred million more that some of them would be [nuts|crazy|stupid|foolish] but [smart|arrogant|script kiddie] enough to want to make Firefox look bad?

I would think so.

Sure, having more people to target is absolutely a factor but it absolutely in no way completely eliminates other targets.

Boy, imagine a military that only hit large targets ignoring all the smaller safe houses. Could you imagine how flawed the logic behind that strategy would be?

The logic implying that Windows is *ONLY* attacked and no other operating systems / applications are can't only be because it's the largest target it just doesn't make any sense at ALL. Surely it is a factor, but it can't be the biggest factor.

Chew on that..

:-P

heh

Score: 0

By Desides

posted Jul 26, 2006 - 3:08 PM

As opposed to an anti-Firefox fanboy ranting about things that are only happening in his imagination?

Score: 0

By sophist_dreams

posted Jul 26, 2006 - 2:42 PM

Why would FF user be worried about this problem dipwad?

Quote since it appears you can't read:

"It is installed using an exploit for Internet Explorer known as VBS/Psyme"

which most FF advocates don't use.

Score: 0

By Grazer

posted Jul 26, 2006 - 3:05 PM

Unless they are going to a site that will not display right in FF...

Score: 0

By crashoverride

edited Jul 27, 2006 - 12:17 AM

If the site won't display then it's not worth my time...enough said

Score: 0

By kprovance

posted Jul 26, 2006 - 10:53 PM

Ugggh...I hate when that happens. It's the only reason I keep IE around. And I'm not talking about some random pisspot site, I'm talking bigger name sites. At one point spiketv.com would not load up in FF.

Score: 0

By The MAZZTer

edited Jul 26, 2006 - 3:13 PM

1) Sites that don't display right in FF aren't worth my time to fire up in another browser, or even to click the IETab icon and wait while the IE rendering engine slowly and painfully loads. I'll either tolerate the bad website design, or find a better site.
2) If a site blocks non-IE browsers, I'll temporarily spoof my user agent to bypass the block.
3) If a site needs ActiveX, I will say "screw it" and find a site that uses a more universally supported format such as Java, unless it's a site I know I can trust (such as Microsoft Update, which is really the only ActiveX site I use, because I'm pretty much forced to).

Score: 0

By 4wd

edited Jul 27, 2006 - 3:40 AM

".....(such as Microsoft Update, which is really the only ActiveX site I use, because I'm pretty much forced to)"

Now you can be free of that site too :)

WindizUpdate - http://windizupdate.com/

Been using it for months.

Score: 0

By PC_Tool

posted Jul 27, 2006 - 10:32 AM

There's also this really wicked thing called 'Automatic Updates'.

Hit Winkey-(Break) and click the Automatic Updates tab. Click on Download and Notify radio button.

Never have to browse Windows (or windiz) update ever again.

Score: 0

By 4wd

posted Jul 31, 2006 - 8:47 PM

"Never have to browse Windows (or windiz) update ever again."

Never again have a choice.

Never again choose to not download/install those things you never use because Microsoft were too lazy to actually REMOVE uninstalled Windows components.

Score: 0

By crashoverride

posted Jul 27, 2006 - 12:20 AM

My thoughts exactly. If I site absolutely requires IE then it's not worth wasting my time.

Score: 0

By solarisguru

posted Jul 26, 2006 - 3:53 PM

"3) If a site needs ActiveX, I will say "screw it" and find a site that uses a more universally supported format such as Java, unless it's a site I know I can trust (such as Microsoft Update, which is really the only ActiveX site I use, because I'm pretty much forced to)."

I'm kind of surprised that Microsoft is still able to get away with that. Could they be sued for FORCING people to use Internet Explorer to get updates for WINDOWS?

Score: 0

By Silentmaster101

posted Jul 27, 2006 - 10:21 AM

well its not like you can remove it;-)

Score: 0

By Grazer

posted Jul 26, 2006 - 3:37 PM

I am betting not all FF users are as loyal or capable as you though.

Score: 0

By xyzcb1

posted Jul 26, 2006 - 4:50 PM

I think brand loyal are for idiots. I am using FF now because it the easiest to us, and I can customize the way I want it too. If there is another browser pop up tomorrow, and can do more, I will make a switch in a heart beat.

Score: 0

By crashoverride

edited Jul 26, 2006 - 2:39 PM

Ok I See I'm going to have to repeat myself. This can't autoinstall because Firefox asks you if you are sure you want to install....on top of that putting a time delay then you have to click ok once again. So only a complete fool would install this thing...so why don't you get busy installing it already.

Score: 0

By The MAZZTer

posted Jul 26, 2006 - 3:14 PM

Try reading the summary, you have to browse to the site in Internet Explorer, and a vulnerability is exploited to give the trojan access to your Windows profile, from there it can install itself as an extension.

Score: 0

By Das mod

edited Jul 26, 2006 - 2:34 PM

get your head closer to the monitor ...

FIREFOX is still pretty secure, just because of one user-created malicious extension you cant go on to judge the whole browser.... any software can be insecure if put in the hands of an idiot !!!!!!!

Score: 0

By The MAZZTer

posted Jul 26, 2006 - 3:15 PM

Except Firefox is never exploited. IE is exploited, and at that stage malware could wipe your computer or do anything it wants to anyways.

I love how they couldn't exploit Firefox to do this so they had to exploit IE instead haha.

Score: 0

By Silentmaster101

posted Jul 27, 2006 - 10:22 AM

yeah because one is part of the core of an operating system the other is just a browser.

Score: 0

By xyzcb1

posted Jul 26, 2006 - 2:40 PM

and let me add, no software is hack/crack free. It just a matter of time. If the perfect software exist, why do we need to have an IT dept, just buy that software, install, and forget about it because it's bulletproof.

Score: 0

By Joe Dirt

posted Jul 26, 2006 - 2:32 PM

Guess why?

Because you have to install the dang thing yourself. It's no different than clicking a link that tries to launch an .exe file.

Don't be so dim.

Score: 0

By crashoverride

edited Jul 26, 2006 - 2:23 PM

I wonder if they think that Mozilla might have thought of this possiblity before hand.....hence Firefox asking if you are sure you want to install an extension and then having a time delay.

Score: 0

By WBMike

posted Jul 26, 2006 - 2:14 PM

Could this mean in the future, you must request developer keys from Mozilla to make your extension work?

Score: 0

By The MAZZTer

posted Jul 26, 2006 - 3:16 PM

No, because Firefox surfers are not affected by this trojan, only IE surfers (as usual) with Firefox installed. Read the article summary again.

Score: 0

By snoecks

posted Jul 26, 2006 - 5:22 PM

So if you only use IE then you don't get to install that FF extension in the 1st place.

Score: 0

By crashoverride

posted Jul 26, 2006 - 11:27 PM

ooor.......If you use only Firefox you don't get to install this extension in the first place. Which I'm to the point that if a website is IE only then it's not worth my time.

Score: 0

By dhjdhj

posted Jul 26, 2006 - 2:24 PM

How would that help? Once you have the key, you can do what you want!

Score: 0

By Frostek

posted Jul 26, 2006 - 2:44 PM

"A fool and their money are soon parted"...

Score: 0

By Silentmaster101

posted Jul 27, 2006 - 10:24 AM

unlucky for us a fool never stops complaining about it either.

Score: 0

Nov 21 - 6:51 PM ET Coalition urges better laws for e-mail and cell phone privacy

Nov 21 - 6:42 PM ET How is Internet advertising faring in this bad economy?

Nov 21 - 6:15 PM ET From out of the Amazon Cloud, an AWS winner emerges

Nov 21 - 5:20 PM ET Mufin music finder enters public beta, adds widgets

Nov 21 - 5:01 PM ET Google launches its SearchWiki semantics plug-in

Nov 21 - 4:57 PM ET Asus previews a slimmer, less costly Eee PC

Nov 21 - 4:32 PM ET New Adobe Media Player ushers in AIR 1.5

Nov 21 - 2:11 PM ET AT&T to add Pantech's low-cost C630 phone to 3G lineup

Nov 21 - 1:11 PM ET iPhone gets firmware 2.2 update

Nov 21 - 11:51 AM ET The Dell surprise: Higher earnings on lower revenue