Hi, I have just been alerted that malware has been found[1] which installs a trojaned version of numberedlinks, an extension I maintain here at mozdev.
It seems to have been sent out in spam email with an EXE attachment[2]. Alternatively, it was also spread via an Internet Explorer exploit[3]. I have not been able to get my hands on a copy of the malware.

McAfee's profile and TechWeb[4] show it is a Windows trojan which sends various sensitive information (sniffed ICQ, FTP, POP3, and IMAP passwords, as well as form contents on web pages) to a compromised web server.

Slightly interesting, but not surprising, is the fact that the fake extension is not "installed" via the GUI. The files are placed directly into the user's Firefox profile. I have seen legitimate extension code which goes as far as patching up Firefox chrome code at run-time. I am surprised the malware authors bothered to even use an extension or at least haven't "cloaked" it by patching up relevant Firefox chrome code.

Obviously this incident could have affected any Firefox extension and I have the feeling similar things will happen in the future. The question is how we can make it harder to abuse extensions. Any suggestions how we can make life a little harder for these people?

Thanks to Martijn Weisbeek (MozBrowser.nl) for alerting me.

Stefan

[1] http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=140256
[2] http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=140257
[3] http://vil.nai.com/vil/content/v_140256.htm
[4] http://www.techweb.com/wire/security/191101268

_______________________________________________
Project_owners mailing list
[email protected]
http://mozdev.org/mailman/listinfo/project_owners
