WebAttacker & MPack - And 'drive-by' infections that can get through Firefox.

WebAttacker and MPack toolkits offer working malware that can infect computers through vulnerabilities in the browser (e.g., The Bank of India website hack). And, not just through unpatched versions of Internet Explorer, but also through unpatched versions of Firefox as well.

Is this malware that has been able to target Firefox and slip past to infect PCs?

What do you think?

 

Hello,
The third link is 15 months old and refers to Firefox 1.0.5, which was patched within days to 1.0.6 ... And the POC code was posted about 6 months after the bugzilla report, by the same person urging the Mozilla team to elevate the risk level. But I did comment on this one already...
Mrk

 

The impression I had from talk here on Wilders was that there has never been any malware that could get past Firefox in a 'drive-by', that this only ever happened to Internet Explorer - 'just use any version of Firefox and you're safe.' Obviously that is mistaken, as this shows that older unpatched versions of Fx are currently being targeted by real malware. (Since MPack is updated monthly there might be more recent Fx exploits included than the one shown for WebAttacker, but I don't know how recent for either WebAttacker or Mpack, if that's the case.)

Admittedly, this isn't too much to worry about, unless maybe you don't keep current or patched. But I do see signatures here of people using Fx1.5 or even IE6, if that's any indication.

(Keeping software fully updated seems like the best advice, among other things.)

 

Hello,
Not FF 1.5, FF 1.0.5 ... big difference.
Cheers,
Mrk

 

It's an ongoing struggle to keep updated. I check monthly with Secunia's Software Inspector online scanner for vulnerable programs. http://secunia.com/software_inspector It helps me keep up with things I may miss in the update forums. I'm running Firefox as a limited user with dropmyrights and within Sandboxie. If that doesn't protect me, then I hope my AV and HIPS does.

 

At the time WebAttacker toolkit was released in June 2006 (this after the original WebAttacker that had more exploits), the current Firefox version was 1.5.0.4.

According to Dan Veditz, a member of the Mozilla Security team, 25% of all Firefox users at that time were still using 1.0.x versions of Fx, and 25% of those users were not fully patched (probably due to the way Fx was updated in 1.0.x versions, before the reworked updating feature). You can see why this easy target of users was tempting to WebAttacker's developers.