New Malware Specifically Targets Firefox
The malware resembles DNSChanger, a common DNS hijacking threat, but operates differently. Instead of hacking the registry to change DNS, the new variant throws a DLL into the C:\Program Files\Mozilla Firefox\components directory and therefore runs inside the browser.
This is not a vulnerability in Firefox in any sense; in order for this to happen the user has to run a malicious program as Administrator or some other privileged account. But it does show that some malware authors see enough potential in Firefox to write special malware for it. The use of a DLL does make the malware specific to Windows, although it may be possible to write versions for other platforms as well.
Like DNSChanger it intercepts certain operations, like search requests, and redirects them through a Ukrainian host previously used by DNSChanger.
A second piece of Firefox adware came bundled with the installer for a 3rd party Firefox plugin called PlayMP3z. The terms of service agreement that everyone just clicks through explicitly permits the software. It's called Foxicle and it generates popup and popunder ads. Once again this isn't Firefox's fault; you chose to install it, you got what you asked for.
Success for the early entries in the Firefox malware market could set a signal for other IE-only players that it's time to go cross-platform.
Source: Yahoo! News
This is not a vulnerability in Firefox in any sense; in order for this to happen the user has to run a malicious program as Administrator or some other privileged account. But it does show that some malware authors see enough potential in Firefox to write special malware for it. The use of a DLL does make the malware specific to Windows, although it may be possible to write versions for other platforms as well.
Like DNSChanger it intercepts certain operations, like search requests, and redirects them through a Ukrainian host previously used by DNSChanger.
A second piece of Firefox adware came bundled with the installer for a 3rd party Firefox plugin called PlayMP3z. The terms of service agreement that everyone just clicks through explicitly permits the software. It's called Foxicle and it generates popup and popunder ads. Once again this isn't Firefox's fault; you chose to install it, you got what you asked for.
Success for the early entries in the Firefox malware market could set a signal for other IE-only players that it's time to go cross-platform.
Source: Yahoo! News
0 comments:
Post a Comment