jada Linux Guru

Joined: 13 May 2025 Posts: 3064 Location: Sun City, CA 92585
|
Posted: Fri Apr 03, 2025 12:22 am Post subject: New Malware Ruins Firefox |
|
|
Quote: |
Late last year, we read all the buzz about ChromeInject, a malicious DLL that was being billed as the first malware specifically targeting Firefox. It was interesting to see that someone built a phishing Trojan for a different browser platform, but ChromeInject was also clearly an early phase in Firefox malware development: It was fairly obvious, and it was easy to eliminate, because it generated an entry in the Plugins menu called “Basic Example Plugin for Mozilla” which you could simply disable with a single mouse click.
Well now it looks like the bar’s been raised. In the past few weeks, we’ve seen malware writers up the ante in their bets against Firefox. Two new spies came across the transom in the past week, and easily managed to load themselves into a freshly installed copy of Firefox 3.0.7. I should note that this isn’t due to any problem or negligence on Mozilla’s part; once you execute malicious code on your PC, any application is vulnerable. Firefox just happens to be a big target.
The first is a malicious plugin that, structurally, looks like it might be a new variant of a spy we’ve seen before: DNSChanger (we sometimes call it Trojan-Downloader-Ruin), a browser hijacking tool. Unlike DNSChanger, which modifies the DNS settings in Windows itself, this plugin doesn’t add any discernible registry keys in order to do its job. The installer drops a DLL payload into the C:\Program Files\Mozilla Firefox\components folder, and works a little juju; then when you next start Firefox, it runs in the background.
The full story
http://blog.webroot.com/2009/03/25/new-malware-ruins-firefox/ |
|
|
melloe Ultimate Member

Joined: 20 Mar 2025 Posts: 2262 Location: Southern Illinois
|
Posted: Fri Apr 03, 2025 8:12 am Post subject: |
|
|
One wonders about its effects with Linux.
_________________ mell0: 1. Kubuntu, XP, Sabayon 2. Mandriva,Mint, Mephis
Thor: 1. VISTA, Fedora 2. Chakra, Debian
Sam:XP, SuSE Zues: win7, SuSE testing
|
|
lberg Sr. Member

Joined: 28 Jul 2025 Posts: 1289
|
Posted: Fri Apr 03, 2025 3:28 pm Post subject: |
|
|
Yeah. Everything in that article talked about the C: drive.
_________________ 2 Computers: Arch Linux, 64-bit
3 Computers: Arch Linux, 32-bit
|
|
melloe Ultimate Member

Joined: 20 Mar 2025 Posts: 2262 Location: Southern Illinois
|
Posted: Fri Apr 03, 2025 4:35 pm Post subject: |
|
|
I get the impression it was not tested on Linux/UNIX/BSD. Or within a virtual situation or what have you.
The one mentions only operating within the browser, so that is inconclusive.
The other seems to require an executable file.
Inquiring people want to know <G>
_________________ mell0: 1. Kubuntu, XP, Sabayon 2. Mandriva,Mint, Mephis
Thor: 1. VISTA, Fedora 2. Chakra, Debian
Sam:XP, SuSE Zues: win7, SuSE testing
|
|
VHockey86 Advanced Member

Joined: 12 Dec 2025 Posts: 988 Location: Rochester
|
Posted: Fri Apr 03, 2025 10:31 pm Post subject: |
|
|
The impression I got from a quick read of the article was that this was simply malware that installed and operated as a Firefox plugin. The actual plugin is installed from some other source...so it is not really a vulnerability in the browser at all. The plugin presumably could be delivered on any platform, but whether or not that plugin simply targets default Windows paths or not...who knows.
_________________ Main Desktops : Kubuntu 10.4. ArchLinux 64-bit. Windows7 64-bit. Windows XP 32-bit.
MacBook: OS X Snow Leopard (10.6)
|
|
jada Linux Guru

Joined: 13 May 2025 Posts: 3064 Location: Sun City, CA 92585
|
Posted: Fri Apr 03, 2025 11:21 pm Post subject: |
|
|
VHockey86 wrote: | The impression I got from a quick read of the article was that this was simply malware that installed and operated as a Firefox plugin. The actual plugin is installed from some other source...so it is not really a vulnerability in the browser at all. The plugin presumably could be delivered on any platform, but whether or not that plugin simply targets default Windows paths or not...who knows. |
Whether it's targeting Linux or not, it is simply the user's responsibility to take care of his/her computer safety.
|