homepage Welcome to WebmasterWorld Guest from 54.196.24.103
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Website
Visit PubCon.com
Home / Forums Index / Browsers / Firefox Browser Usage and Support
Forum Library, Charter, Moderators: incrediBILL

Firefox Browser Usage and Support Forum

    
FireFox Add-ons Infecting Users with Trojans
Infected add-ons incorporated due to unrecognized signatures
Marcia




msg:3644578
 10:50 am on May 8, 2008 (gmt 0)

From Wired:

Mozilla, the maker of the open source Firefox browser, is redoubling its efforts to check user created add-ons for viruses and Trojans after it discovered that a language pack on its official add-on page had been infected for months with rogue code, the organization reported Wednesday.

Firefox Infects Vietnamese Users With Trojan Code [blog.wired.com]

 

coopster




msg:3644632
 12:06 pm on May 8, 2008 (gmt 0)

I have been cautious of add-ons (extensions) since day one. Every time a friend calls with a "my internet is slow" issue I seem to end up patching their Windows host file and managing their Add-ons in Microsoft Internet Explorer. So when Firefox came out with extensions I was very cautious, and still am very cautious. I just hope they extend the scanning to their Themes [webmasterworld.com] as well.

Marcia




msg:3644760
 2:32 pm on May 8, 2008 (gmt 0)

IMO, anything at all that starts to get widespread exposure in publicity, distribution or usage will start to get targeted eventually. It was only a matter of time in coming.

mikedee




msg:3644802
 3:24 pm on May 8, 2008 (gmt 0)

The actual facts of THIS case seem to point to the fact that the software was accidentally included in some sort of bundle and then uploaded it to the Mozilla servers. It was not targeting Mozilla at all.

The most worrying part is that they just use signature based virus checking before hosting extensions. They need to improve their verification of code before hosting it (and therefore saying it is safe)

Malicious extensions are nothing new, I have seen them before 1.0. By default extensions will not install so this is not a drive-by attack.

EDIT: More information from Mozilla

The Vietnamese language pack for Firefox 2 contains inserted code to load remote content. This code is the result of a virus infection, but does not contain the virus itself.

[blog.mozilla.com...]

So the language pack only included symptoms of a trojan, not the actual trojan itself. No users were ever at risk and they would only have seen the ads that were inserted if they viewed the help files.

rekitty




msg:3644968
 5:25 pm on May 8, 2008 (gmt 0)

I always re-start Firefox in "Safe Mode" before doing anything that needs to be really secure like online banking. I don't want any extensions running then, since an extension could monitor my keystrokes and send login and password info to the bad guys.

Drew




msg:3645132
 8:29 pm on May 8, 2008 (gmt 0)

Will safe mode do the trick? I never even though about the banking with Firefox.

physics




msg:3645230
 10:04 pm on May 8, 2008 (gmt 0)

Why restart Firefox in safe mode? Install Opera and do your online banking from there.

plumsauce




msg:3645235
 10:05 pm on May 8, 2008 (gmt 0)

So the language pack only included symptoms of a trojan, not the actual trojan itself. No users were ever at risk and they would only have seen the ads that were inserted if they viewed the help files.

But, mozilla.org says:

The Vietnamese language pack for Firefox 2 contains inserted code to load remote content.

So, the addon is doing something other than its advertised function. This is independent of whether it is capable of spreading the infection.

Also, the remote content can always be replaced at will with different remote content that does more than display an ad. Drive by javascript for example.

mikedee




msg:3645705
 1:54 pm on May 9, 2008 (gmt 0)

The title is still totally misleading and inflammatory.

'FireFox Add-ons Infecting Users with Trojans'

It isn't infecting users with trojans, it gave them HTML pages which had some ad code added (the developer is the only person that was infected) and there is only a theoretical risk if you view the help pages of an infected download.

coolclu3




msg:3645950
 5:28 pm on May 9, 2008 (gmt 0)

For the last 2 weeks, I also had a strange problem with firefox 2.0
When the connection is a little slow, after sometime, firefox tries to go to the an address with the domain name omitted. For example, in stead of accessing this page, firefox will go to [firefox_browser...]
No peculiar add-on installed, apart from some web development stuff like alexa, google page rank , or colorzilla

Angonasec




msg:3648465
 1:35 am on May 13, 2008 (gmt 0)

I always re-start Firefox in "Safe Mode" before doing anything that needs to be really secure like online banking. I don't want any extensions running then, since an extension could monitor my keystrokes and send login and password info to the bad guys.

What do you mean by "Safe Mode"?

Before you do your online banking, why not simply disable any suspect Add-ons in the "Tools" dropdown menu?

Is that what you call "Safe Mode"?

Angonasec




msg:3652884
 3:23 am on May 18, 2008 (gmt 0)

Hah! Since posting in this thread, I've discovered what "Safe Mode" is from neccessity.

I use FF 2.0.0.14 (latest on OSX Tiger 10.4) and use 4 Add-ons.

Not eperienced a grain of trouble for over a year.

But this week the SiteAdvisor (McAfee) extension 26.5 causes FF to freeze, totally unusable.

I had to force quit FF, and use Camino to troubleshoot.

It is definitely the Siteadvisor Add-on, and there's no chatter about the problem on the McAfee site or forums.

I even tried a fresh SA download, and the same bug occurs; Siteadvisor is broken on this platform, and rogering the latest Firefox version.

In addition; if you try the "Find Updates" in your Add-ons menu, they all work EXCEPT the Siteadvisor one which returns an error message.

Wake up McAfee!

And a heads-up to any fellow Mac FF users.

>>Disable Sitadvisor until McAfee fix the bug.<<

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Browsers / Firefox Browser Usage and Support
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved