franzon Posted August 31, 2009 Share Posted August 31, 2009 Trend Micro threat analysts were alerted to the discovery of a spyware (detected as TSPY_EBOD.A) purporting to be an Adobe Flash Player update. Upon execution, the spyware creates a Firefox add-on called ?Adobe Flash Player 0.2,? the installer of which uses JavaScript (detected as JS_EBOD.A) and appears to spread via forum posts. The said add-on injects ads into the user?s Google search results pages. More disturbing, however, is its capability to monitor the user?s browsing activities, particularly his/her Google search queries using the Firefox browser. It then sends the information it gathers to http://{BLOCKED}jupdate.com. We have seen a lot of malware target Internet Explorer in the past. This is probably one of the reasons why a huge number of users are opting to use alternative browsers such as Firefox, Chrome, Safari, and Opera instead. Though this used to be considered a safe computing practice it seems it no longer is with the proliferation of malware targetting the most popular alternative Internet browser?Firefoxor:rolleyes::rolleyes: http://blog.trendmicro.com/firefox-addo-sp...search-results/ Link to comment Share on other sites More sharing options...
neufuse Veteran Posted August 31, 2009 Veteran Share Posted August 31, 2009 This is the kind of stuff I'd love to see on the front page.... Link to comment Share on other sites More sharing options...
qwix Posted August 31, 2009 Share Posted August 31, 2009 Wow, does this also affect other OS? Link to comment Share on other sites More sharing options...
Eric Veteran Posted August 31, 2009 Veteran Share Posted August 31, 2009 Wow, does this also affect other OS? Probably. I think Firefox addons are cross-platform scripts. Link to comment Share on other sites More sharing options...
Ci7 Posted August 31, 2009 Share Posted August 31, 2009 /staring at the article *cries* probably going to get blocked with an update Link to comment Share on other sites More sharing options...
Miuku. Posted August 31, 2009 Share Posted August 31, 2009 probably going to get blocked with an update Seeing as you have to accept it, wait for 5 seconds and then accept to install it AGAIN.. I'll be right back. I'll create a trojan that erases your entire hard drive after you you press "Yes I'm an idiot, I actually pressed run twice on this application, first to download it and then to execute it and now I'm screwed." Link to comment Share on other sites More sharing options...
supernova_00 Posted August 31, 2009 Share Posted August 31, 2009 It runs on Windows 98, ME, NT, 2000, XP and Server 2003. Can anyone find the extension ID so it can be blacklisted faster? Link to comment Share on other sites More sharing options...
Dell_Optiplex Posted August 31, 2009 Share Posted August 31, 2009 BS, only IE gets viruses Link to comment Share on other sites More sharing options...
supernova_00 Posted August 31, 2009 Share Posted August 31, 2009 Seeing as you have to accept it, wait for 5 seconds and then accept to install it AGAIN..I'll be right back. I'll create a trojan that erases your entire hard drive after you you press "Yes I'm an idiot, I actually pressed run twice on this application, first to download it and then to execute it and now I'm screwed." Extensions can be easily installed without prompt. Not through Firefox but through Windows. Link to comment Share on other sites More sharing options...
toki Posted August 31, 2009 Share Posted August 31, 2009 Extensions can be easily installed without prompt. Yeah, amazing how secure is FireFox..... :unsure: Link to comment Share on other sites More sharing options...
Unconnected Posted August 31, 2009 Share Posted August 31, 2009 What a smart guy... Link to comment Share on other sites More sharing options...
supernova_00 Posted August 31, 2009 Share Posted August 31, 2009 Yeah, amazing how secure is FireFox..... :unsure: I edited my comment as it wasn't completely accurate. You can download the .xpi file and unzip it to your profile without the prompt but you will always be notified that a new extension was installed. Just like when MS installed the .net framework extension or whatever the heck it was without the user consenting. Link to comment Share on other sites More sharing options...
ToneKnee Posted August 31, 2009 Share Posted August 31, 2009 I edited my comment as it wasn't completely accurate. You can download the .xpi file and unzip it to your profile without the prompt but you will always be notified that a new extension was installed. Just like when MS installed the .net framework extension or whatever the heck it was without the user consenting. But that required a user to install something to do that in the first place. Link to comment Share on other sites More sharing options...
supernova_00 Posted August 31, 2009 Share Posted August 31, 2009 But that required a user to install something to do that in the first place. Exactly, just as such with this trojan. Link to comment Share on other sites More sharing options...
x-byte Posted August 31, 2009 Share Posted August 31, 2009 Not surprising. More will come. Firefox have had an easy run so far. Link to comment Share on other sites More sharing options...
dead.cell Posted August 31, 2009 Share Posted August 31, 2009 Though this used to be considered a safe computing practice before, it seems it no longer is with the proliferation of malware targetting the most popular alternative Internet browser?Firefoxb>:rolleyes:s: Right. Like we're all going to stop using Firefox because of this:rolleyes:s: Link to comment Share on other sites More sharing options...
Tech Geek Alex Posted August 31, 2009 Share Posted August 31, 2009 Seeing as you have to accept it, wait for 5 seconds and then accept to install it AGAIN..I'll be right back. I'll create a trojan that erases your entire hard drive after you you press "Yes I'm an idiot, I actually pressed run twice on this application, first to download it and then to execute it and now I'm screwed." That is because you read - As the very old saying goes "There is one born every minute". And I make my living cleaning up after they click 2x's without reading what they are clicking on. Link to comment Share on other sites More sharing options...
toadeater Posted August 31, 2009 Share Posted August 31, 2009 I edited my comment as it wasn't completely accurate. You can download the .xpi file and unzip it to your profile without the prompt but you will always be notified that a new extension was installed. Just like when MS installed the .net framework extension or whatever the heck it was without the user consenting. I'm surprised Mozilla didn't complain to MS about this incident. Not only was it installed without permission, not only did it introduce a vulnerability into Firefox, but MS didn't provide an uninstaller! Doesn't that classify as malware? Adobe and Apple too pulled something similar by silently installing the Bonjour service onto PCs via Photoshop. No one should be allowed to do this kind of thing. If companies like MS, Adobe, and Apple want to put themselves on the level of the tech industry's criminals then they have to face the consequences. Hey, Obama, how about passing a bill to outlaw corporate spyware, instead of more bills for spying on computer users! Link to comment Share on other sites More sharing options...
Eric Veteran Posted August 31, 2009 Veteran Share Posted August 31, 2009 I'm surprised Mozilla didn't complain to MS about this incident. Not only was it installed without permission, not only did it introduce a vulnerability into Firefox, but MS didn't provide an uninstaller! Doesn't that classify as malware?Adobe and Apple too pulled something similar by silently installing the Bonjour service onto PCs via Photoshop. No one should be allowed to do this kind of thing. If companies like MS, Adobe, and Apple want to put themselves on the level of the tech industry's criminals then they have to face the consequences. Hey, Obama, how about passing a bill to outlaw corporate spyware, instead of more bills for spying on computer users! The .NET plugin is a plugin, not an addon. It's installed as part of the Framework and Mozilla simply picks it up. Same as installing the Flash player plugin without Firefox. FF will add it automatically upon installation. Firefox is responsible for the security of its own script addons, not Microsoft. Link to comment Share on other sites More sharing options...
Eice Posted August 31, 2009 Share Posted August 31, 2009 Seeing as you have to accept it, wait for 5 seconds and then accept to install it AGAIN..I'll be right back. I'll create a trojan that erases your entire hard drive after you you press "Yes I'm an idiot, I actually pressed run twice on this application, first to download it and then to execute it and now I'm screwed." When you get off your high horse and stop assuming that a program is secure just because it prompts you on everything, you'll realize that social engineering is exactly how malware spreads these days. Not only was it installed without permission, not only did it introduce a vulnerability into Firefox, but MS didn't provide an uninstaller! Doesn't that classify as malware? Yes, a program exhibiting those characteristics would. Unfortunately, due to your ignorance, you are led by rabidly paranoid hype into believing that the .NET plugin exhibits those characteristics. Link to comment Share on other sites More sharing options...
toki Posted August 31, 2009 Share Posted August 31, 2009 Right. Like we're all going to stop using Firefox because of this. :rolleyes: Nothing last forever, even FireFox... Google Chrome got high chances to be best browser also... Link to comment Share on other sites More sharing options...
Soldiers33 Posted August 31, 2009 Share Posted August 31, 2009 BS, only IE gets viruses dumbest comment of the day Link to comment Share on other sites More sharing options...
toki Posted August 31, 2009 Share Posted August 31, 2009 I'm surprised Mozilla didn't complain to MS about this incident. Not only was it installed without permission, not only did it introduce a vulnerability into Firefox, but MS didn't provide an uninstaller! Doesn't that classify as malware? I think you have a wrong computer software knowledge mate. The FireFox ADDON/Extension, have NOTHING to do with Microsoft. The problem is in FireFox square. Link to comment Share on other sites More sharing options...
Eice Posted August 31, 2009 Share Posted August 31, 2009 dumbest comment of the day I think it's called "sarcasm". Link to comment Share on other sites More sharing options...
ichi Posted August 31, 2009 Share Posted August 31, 2009 The .NET plugin is a plugin, not an addon. It's installed as part of the Framework and Mozilla simply picks it up. Same as installing the Flash player plugin without Firefox. FF will add it automatically upon installation. The .NET plugin provided an uninstallable extension. Yes, a program exhibiting those characteristics would. Unfortunately, due to your ignorance, you are led by rabidly paranoid hype into believing that the .NET plugin exhibits those characteristics. Did it install an extension without permission? Check. Did it introduce a vulnerability? Check. Did it not provide an uninstaller? Check. I wouldn't qualify it as malware as that would imply an intention to do harm that I'd hope this didn't, but it still shares those three qualities though. Link to comment Share on other sites More sharing options...
Recommended Posts