New trojan installs itself as a Firefox extension

As most security experts say, Mozilla Firefox, an open-source web browser, is much more secure than good old Internet Explorer. Browsing the web with the Fox helps you to avoid the larger part of all exploits, malicious scripts, drive-by downloads, and other Internet-specific infections.

But neither of the modern software is 100% safe. Even Mozilla Firefox. As software makers suppose, Firefox (or Opera, or any other alternative, safe web browser) would be as much vulnerable as Internet Explorer, if it had the same popularity. Of course, it’s a theory that cannot be proven (yet). Microsoft’s product is still the most popular browser in the world. But the tendencies are rather interesting. The more popular Mozilla Firefox becomes, the higher number of vulnerabilities (including fixed ones) it has.

However, this time it’s not a potential security flaw we want to speak about, but a malicious plug-in, hundreds of which successfully affect Internet Explorer intercepting user confidential information, tracking victim browsing habits, hijacking the web browser, etc. Such plug-ins can be individual parasites or parts of more sophisticated threats like the SpywareQuake trojan.

But the latest threat doesn’t target Internet Explorer. FireSpy, also known as Snifula or FormSpy, installs itself as a Mozilla Firefox extension. The trojan monitors user Internet activity, tracks browsing habits, and records information the user enters on various web sites. The parasite transfers stolen data to predetermined remote hosts. FireSpy is also capable of stealing ICQ, FTP and e-mail login names and passwords.

The trojan works in the same manner as typical malicious Internet Explorer plug-ins. It does not interact with the user and does not change default Firefox behavior and look. Moreover, it attempts to disguise itself as NumberedLinks 0.9, a legitimate Mozilla extension. You can see this name in the extension list of the affected web browser.

FireSpy is difficult to detect, and its payload can do a significant harm to your privacy. That’s why having reliable antimalware protection is still mandatory, even if you never surf the web with Internet Explorer.


Files
Software
Compare
Like us on Facebook