Spyware poses as Firefox extension
Print storyTrojan downloader launches secondary attack
Posted in Spyware, 26th July 2006 13:51 GMT
Free whitepaper – The shortcut guide to managing certificate lifecycles
Virus writers have created a spyware package that poses as an extension to the Firefox web browser.
FormSpy, which poses as the legitimate NumberedLinks 0.9 extension, is programmed to steal confidential information from compromised machines including passwords, credit card numbers, and ebanking login details. The malware is also capable of sniffing passwords from ICQ, FTP, and email traffic before sending this data to a hacker-controlled website.
FormSpy is normally downloaded onto compromised machines already infected with another Trojan program, called Downloader-AXM. It can also spread as a drive-by download from compromised websites.
Downloader-AXM began spreading via virus infected spam messages (example here) earlier this week. Fortunately, the attack is not yet widespread, according to net security firm McAfee, which has published a detailed write-up of the threat here. ®
Free whitepaper – Vulnerability management buyer's checklist
The business case for application security
Reducing messaging and web security costs with managed services
Vulnerability management buyer's checklist
Extended Validation SSL Certificates
The best practices guide for application security
Feds: Hospital hacker's 'massive' DDoS averted
Buggy 'smart meters' open door to power-grid botnet
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive