New Firefox Extension Malware

Watch out for a new malicious Firefox extension designed to hijack your search results. If you ever start Firefox and unexpectedly see a new extension installation dialog you should be wary that you may have malware on your system. This latest one is called FirestarterFox.

http://blog.misec.net/2008/09/25/new-malicious-firefox-extension-firestarterfox/

 

Now hopefully all will see the logic of why Opera doesn't use extensions.

 

And uses widgets?

 

Opera incorporates most of the features out of the box so neither widgets not user js is needed to make it work and in case a widget is needed, so far no vulnerability has been discovered in the widgets module.

 

So user gets infected (not via browsing, but running an infected file on his pc? article doesn't specify), the malware creates a bad extension in firefox's "extensions" directory?

If that's how, then it can similarly create a bad widget in opera's widget directory? In that case, it's not abt any vulnerability in firefox's or opera's modules.

 

Simple solution.

 

The Widget follows a different method than FF's extension so it has to be specifically written for Opera.

 

Hi AKAJohnDoe,

I don't think its abt drivebys. But malware already on infected system, creating new files (bad add-on) inside firefox profile's "extensions" folder.

Hopefully OP can confirm.

 

Hi Arup

What I meant to point out, is that it may not be due to any browser vulnerability, which u seem to be implying.

 

Regardless, Firefox pauses at startup to inform the user of any new or updated extensions.

 

Yes, this was installed by a piece of malware downloaded by one of the latest Zlob variants. So it is installed by a malware process directly to the Firefox extensions directory.

 

Same as I was thinking.