Trojan that targets Firefox

Trojan that targets Firefox
Secure Home | Search | About
Login Password
Register Now! Lost Password?

Anti-Virus Software - Computer security - anti-virus software 

Bookmark this page:  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
Trojan that targets Firefox Duh_OZ 12-05-2008
Posted by Duh_OZ on December 5, 2008, 9:13 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
http://www.bitdefender.com/VIRUS-1000451-en--Trojan.PWS.ChromeInject.B.html
=======
It drops an executable file (which is a Firefox 3 plugin) and a
JavaScript file (detected by Bitdefender as:
Trojan.PWS.ChromeInject.A) into the Firefox plugins and chrome folders
respectively.

It filters the URLs within the Mozilla Firefox browser and whenever
encounter the following addresses opened in the Firefox browser it
captures the login credentials.
========

Posted by David H. Lipman on December 6, 2008, 11:41 am
If you were  Registered and logged in, you could reply and use other advanced thread options

| http://www.bitdefender.com/VIRUS-1000451-en--Trojan.PWS.ChromeInject.B.html
| =======
| It drops an executable file (which is a Firefox 3 plugin) and a
| JavaScript file (detected by Bitdefender as:
| Trojan.PWS.ChromeInject.A) into the Firefox plugins and chrome folders
| respectively.

| It filters the URLs within the Mozilla Firefox browser and whenever
| encounter the following addresses opened in the Firefox browser it
| captures the login credentials.
| ========

Subject: Avert Labs Low-Profiled Threat Notice: Generic.dx!707DA3A8

Notice

This is a Low-Profiled Threat Notice for Generic.dx!707DA3A8

Justification

Generic.dx!707DA3A8 has been deemed Low-Profiled due to media attention at

http://www.theregister.co.uk/2008/12/04/firefox_plug_in_trojan/.

Generic.dx!707DA3A8 is referred to as "ChromeInject-A" in the article at
theregister.co.uk.

Read About It

Information about Generic.dx!707DA3A8 is located on VIL at:
http://vil.nai.com/vil/content/v_153534.htm

Detection

Generic.dx!707DA3A8 was first discovered on December 4, 2008 and detection was
added to
the 5436 dat files (Release Date: November 16, 2008).

To stay updated and protected download the latest dat files from

http://www.mcafee.com/us/downloads/index.html

If you suspect you have Generic.dx!707DA3A8, please submit a sample to
http://www.webimmune.net

Risk Assessment Definition

For further information on the Risk Assessment and Avert Labs Recommended

Actions please see:

http://www.mcafee.com/us/threat_center/outbreaks/virus_library/risk_assessment.html


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by Beauregard T. Shagnasty on December 6, 2008, 2:54 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Duh_OZ wrote:

> http://www.bitdefender.com/VIRUS-1000451-en--Trojan.PWS.ChromeInject.B.html
> =======
> It drops an executable file (which is a Firefox 3 plugin) and a
> JavaScript file (detected by Bitdefender as:
> Trojan.PWS.ChromeInject.A) into the Firefox plugins and chrome folders
> respectively.

Seems to affect only Firefox for Windows.

<quote>
SYMPTOMS:
Presence of the:
"%ProgramFiles%\Mozilla Firefox\plugins\npbasic.dll"
"%ProgramFiles%\Mozilla Firefox\chrome\chrome\content\browser.js"
files in the Mozilla Firefox's plugins and chrome folders.

> It filters the URLs within the Mozilla Firefox browser and whenever
> encounter the following addresses opened in the Firefox browser it
> captures the login credentials.

They should have sorted the bank list alphabetically... ;-)

--
-bts
-Friends don't let friends drive Windows

Similar ThreadsPosted
AVG Mobile Security Targets Symbian Phones (PC World via Yahoo! News) June 13, 2007, 2:06 am
NEW....Firefox 1.07 September 21, 2005, 5:55 pm
Firefox 1.5.0.1 February 3, 2006, 3:09 am
Firefox and McAfee help September 5, 2005, 12:10 pm
OT: New Firefox 1.5 is much faster December 1, 2005, 11:33 am
Firefox NoScript extension April 17, 2006, 1:31 pm
Attn Art - re noscript for Firefox July 11, 2006, 11:16 pm
OT: Removing URL history from Firefox? December 27, 2008, 5:22 pm
NOD32 and Mozilla Thunderbird and Firefox July 8, 2007, 11:40 pm
shitey Clamwin constipated Firefox May 31, 2009, 5:25 am

The site map in XML format XML site map

Contact Us | Privacy Policy