WebAttacker & MPack - And 'drive-by' infections that can get through Firefox.

Discussion in 'other security issues & news' started by Dogbiscuit, Sep 29, 2007.

Thread Status:
Not open for further replies.
  1. Dogbiscuit

    Dogbiscuit Guest

    WebAttacker and MPack toolkits offer working malware that can infect computers through vulnerabilities in the browser (e.g., The Bank of India website hack). And, not just through unpatched versions of Internet Explorer, but also through unpatched versions of Firefox as well.

    Is this malware that has been able to target Firefox and slip past to infect PCs?

    What do you think?
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,
    The third link is 15 months old and refers to Firefox 1.0.5, which was patched within days to 1.0.6 ... And the POC code was posted about 6 months after the bugzilla report, by the same person urging the Mozilla team to elevate the risk level. But I did comment on this one already...
    Mrk
     
  3. Dogbiscuit

    Dogbiscuit Guest

    The impression I had from talk here on Wilders was that there has never been any malware that could get past Firefox in a 'drive-by', that this only ever happened to Internet Explorer - 'just use any version of Firefox and you're safe.' Obviously that is mistaken, as this shows that older unpatched versions of Fx are currently being targeted by real malware. (Since MPack is updated monthly there might be more recent Fx exploits included than the one shown for WebAttacker, but I don't know how recent for either WebAttacker or Mpack, if that's the case.)

    Admittedly, this isn't too much to worry about, unless maybe you don't keep current or patched. But I do see signatures here of people using Fx1.5 or even IE6, if that's any indication.

    (Keeping software fully updated seems like the best advice, among other things.)
     
    Last edited by a moderator: Sep 30, 2007
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,
    Not FF 1.5, FF 1.0.5 ... big difference.
    Cheers,
    Mrk
     
  5. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    It's an ongoing struggle to keep updated. I check monthly with Secunia's Software Inspector online scanner for vulnerable programs. http://secunia.com/software_inspector It helps me keep up with things I may miss in the update forums. I'm running Firefox as a limited user with dropmyrights and within Sandboxie. If that doesn't protect me, then I hope my AV and HIPS does.
     
  6. Dogbiscuit

    Dogbiscuit Guest

    At the time WebAttacker toolkit was released in June 2006 (this after the original WebAttacker that had more exploits), the current Firefox version was 1.5.0.4.

    According to Dan Veditz, a member of the Mozilla Security team, 25% of all Firefox users at that time were still using 1.0.x versions of Fx, and 25% of those users were not fully patched (probably due to the way Fx was updated in 1.0.x versions, before the reworked updating feature). You can see why this easy target of users was tempting to WebAttacker's developers.
     
Loading...
Thread Status:
Not open for further replies.