coopster
#:3644632
| 12:06 pm on May 8, 2008 (utc 0) |
I have been cautious of add-ons (extensions) since day one. Every time a friend calls with a "my internet is slow" issue I seem to end up patching their Windows host file and managing their Add-ons in Microsoft Internet Explorer. So when Firefox came out with extensions I was very cautious, and still am very cautious. I just hope they extend the scanning to their Themes as well.
|
Marcia
#:3644760
| 2:32 pm on May 8, 2008 (utc 0) |
IMO, anything at all that starts to get widespread exposure in publicity, distribution or usage will start to get targeted eventually. It was only a matter of time in coming.
|
mikedee
#:3644802
| 3:24 pm on May 8, 2008 (utc 0) |
The actual facts of THIS case seem to point to the fact that the software was accidentally included in some sort of bundle and then uploaded it to the Mozilla servers. It was not targeting Mozilla at all. The most worrying part is that they just use signature based virus checking before hosting extensions. They need to improve their verification of code before hosting it (and therefore saying it is safe) Malicious extensions are nothing new, I have seen them before 1.0. By default extensions will not install so this is not a drive-by attack. EDIT: More information from Mozilla | The Vietnamese language pack for Firefox 2 contains inserted code to load remote content. This code is the result of a virus infection, but does not contain the virus itself. |
|
http://blog.mozilla.com/security/2008/05/07/compromised-file-in-vietnamese-language-pack-for-firefox-2/ So the language pack only included symptoms of a trojan, not the actual trojan itself. No users were ever at risk and they would only have seen the ads that were inserted if they viewed the help files.
|
rekitty
#:3644968
| 5:25 pm on May 8, 2008 (utc 0) |
I always re-start Firefox in "Safe Mode" before doing anything that needs to be really secure like online banking. I don't want any extensions running then, since an extension could monitor my keystrokes and send login and password info to the bad guys.
|
Drew
#:3645132
| 8:29 pm on May 8, 2008 (utc 0) |
Will safe mode do the trick? I never even though about the banking with Firefox.
|
physics
#:3645230
| 10:04 pm on May 8, 2008 (utc 0) |
Why restart Firefox in safe mode? Install Opera and do your online banking from there.
|
plumsauce
#:3645235
| 10:05 pm on May 8, 2008 (utc 0) |
So the language pack only included symptoms of a trojan, not the actual trojan itself. No users were ever at risk and they would only have seen the ads that were inserted if they viewed the help files.
|
|
But, mozilla.org says: | The Vietnamese language pack for Firefox 2 contains inserted code to load remote content. |
|
So, the addon is doing something other than its advertised function. This is independent of whether it is capable of spreading the infection. Also, the remote content can always be replaced at will with different remote content that does more than display an ad. Drive by javascript for example.
|
mikedee
#:3645705
| 1:54 pm on May 9, 2008 (utc 0) |
The title is still totally misleading and inflammatory. 'FireFox Add-ons Infecting Users with Trojans' It isn't infecting users with trojans, it gave them HTML pages which had some ad code added (the developer is the only person that was infected) and there is only a theoretical risk if you view the help pages of an infected download.
|
coolclu3
#:3645950
| 5:28 pm on May 9, 2008 (utc 0) |
For the last 2 weeks, I also had a strange problem with firefox 2.0
When the connection is a little slow, after sometime, firefox tries to go to the an address with the domain name omitted. For example, in stead of accessing this page, firefox will go to http://firefox_browser/3644576.htm
No peculiar add-on installed, apart from some web development stuff like alexa, google page rank , or colorzilla
|
Angonasec
#:3648465
| 1:35 am on May 13, 2008 (utc 0) |
| I always re-start Firefox in "Safe Mode" before doing anything that needs to be really secure like online banking. I don't want any extensions running then, since an extension could monitor my keystrokes and send login and password info to the bad guys. |
|
What do you mean by "Safe Mode"? Before you do your online banking, why not simply disable any suspect Add-ons in the "Tools" dropdown menu? Is that what you call "Safe Mode"?
|
Angonasec
#:3648470
| 1:39 am on May 13, 2008 (utc 0) |
| Install Opera and do your online banking from there. |
|
Seriously bad advice Sir! Opera is the browser of choice for the underworld. We actually blocked access to our site to Opera users after we noticed their visits were almost invariably nefarious.
|
