New Firefox Extension Malware

Discussion in 'malware problems & news' started by Magnus Mischel, Sep 25, 2008.

Thread Status:
Not open for further replies.
  1. Magnus Mischel

    Magnus Mischel Security Expert

    Joined:
    Oct 24, 2002
    Posts:
    185
  2. Arup

    Arup Guest

    Now hopefully all will see the logic of why Opera doesn't use extensions.
     
  3. demonon

    demonon Guest

    And uses widgets?
     
  4. Arup

    Arup Guest


    Opera incorporates most of the features out of the box so neither widgets not user js is needed to make it work and in case a widget is needed, so far no vulnerability has been discovered in the widgets module.
     
  5. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
    So user gets infected (not via browsing, but running an infected file on his pc? article doesn't specify), the malware creates a bad extension in firefox's "extensions" directory?

    If that's how, then it can similarly create a bad widget in opera's widget directory? In that case, it's not abt any vulnerability in firefox's or opera's modules.
     
  6. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    Simple solution.
     

    Attached Files:

  7. Arup

    Arup Guest


    The Widget follows a different method than FF's extension so it has to be specifically written for Opera.
     
  8. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
    Hi AKAJohnDoe,

    I don't think its abt drivebys. But malware already on infected system, creating new files (bad add-on) inside firefox profile's "extensions" folder.

    Hopefully OP can confirm.
     
  9. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
    Hi Arup :)

    What I meant to point out, is that it may not be due to any browser vulnerability, which u seem to be implying.
     
  10. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    Regardless, Firefox pauses at startup to inform the user of any new or updated extensions.
     
  11. Magnus Mischel

    Magnus Mischel Security Expert

    Joined:
    Oct 24, 2002
    Posts:
    185
    Yes, this was installed by a piece of malware downloaded by one of the latest Zlob variants. So it is installed by a malware process directly to the Firefox extensions directory.
     
  12. demonon

    demonon Guest

    Same as I was thinking.
     
Loading...
Thread Status:
Not open for further replies.