A trojan attacks Firefox masquerading as Adobe Flash Player update

By franzon
in Back Page News

 Share

Recommended Posts

Mentor

franzon

Posted
Posted

Trend Micro threat analysts were alerted to the discovery of a spyware (detected as TSPY_EBOD.A) purporting to be an Adobe Flash Player update. Upon execution, the spyware creates a Firefox add-on called ?Adobe Flash Player 0.2,? the installer of which uses JavaScript (detected as JS_EBOD.A) and appears to spread via forum posts.

TSPY_EBOD_A.jpg

The said add-on injects ads into the user?s Google search results pages. More disturbing, however, is its capability to monitor the user?s browsing activities, particularly his/her Google search queries using the Firefox browser. It then sends the information it gathers to http://{BLOCKED}jupdate.com.

We have seen a lot of malware target Internet Explorer in the past. This is probably one of the reasons why a huge number of users are opting to use alternative browsers such as Firefox, Chrome, Safari, and Opera instead. Though this used to be considered a safe computing practice it seems it no longer is with the proliferation of malware targetting the most popular alternative Internet browser?Firefoxor:rolleyes::rolleyes:

http://blog.trendmicro.com/firefox-addo-sp...search-results/

Grand Master

Miuku.

Posted
Posted
probably going to get blocked with an update

Seeing as you have to accept it, wait for 5 seconds and then accept to install it AGAIN..

I'll be right back. I'll create a trojan that erases your entire hard drive after you you press "Yes I'm an idiot, I actually pressed run twice on this application, first to download it and then to execute it and now I'm screwed."

Grand Master

supernova_00

Posted
Posted
Seeing as you have to accept it, wait for 5 seconds and then accept to install it AGAIN..

I'll be right back. I'll create a trojan that erases your entire hard drive after you you press "Yes I'm an idiot, I actually pressed run twice on this application, first to download it and then to execute it and now I'm screwed."

Extensions can be easily installed without prompt. Not through Firefox but through Windows.

Grand Master

supernova_00

Posted
Posted
Yeah, amazing how secure is FireFox..... :unsure:

I edited my comment as it wasn't completely accurate. You can download the .xpi file and unzip it to your profile without the prompt but you will always be notified that a new extension was installed. Just like when MS installed the .net framework extension or whatever the heck it was without the user consenting.

Grand Master

ToneKnee

Posted
Posted
I edited my comment as it wasn't completely accurate. You can download the .xpi file and unzip it to your profile without the prompt but you will always be notified that a new extension was installed. Just like when MS installed the .net framework extension or whatever the heck it was without the user consenting.

But that required a user to install something to do that in the first place.

Grand Master

dead.cell

Posted
Posted
Though this used to be considered a safe computing practice before, it seems it no longer is with the proliferation of malware targetting the most popular alternative Internet browser?Firefoxb>:rolleyes:s:

Right. Like we're all going to stop using Firefox because of this:rolleyes:s:

Community Regular

Tech Geek Alex

Posted
Posted
Seeing as you have to accept it, wait for 5 seconds and then accept to install it AGAIN..

I'll be right back. I'll create a trojan that erases your entire hard drive after you you press "Yes I'm an idiot, I actually pressed run twice on this application, first to download it and then to execute it and now I'm screwed."

That is because you read - As the very old saying goes "There is one born every minute". And I make my living cleaning up after they click 2x's without reading what they are clicking on.

Veteran

toadeater

Posted
Posted
I edited my comment as it wasn't completely accurate. You can download the .xpi file and unzip it to your profile without the prompt but you will always be notified that a new extension was installed. Just like when MS installed the .net framework extension or whatever the heck it was without the user consenting.

I'm surprised Mozilla didn't complain to MS about this incident. Not only was it installed without permission, not only did it introduce a vulnerability into Firefox, but MS didn't provide an uninstaller! Doesn't that classify as malware?

Adobe and Apple too pulled something similar by silently installing the Bonjour service onto PCs via Photoshop. No one should be allowed to do this kind of thing. If companies like MS, Adobe, and Apple want to put themselves on the level of the tech industry's criminals then they have to face the consequences.

Hey, Obama, how about passing a bill to outlaw corporate spyware, instead of more bills for spying on computer users!

Grand Master

Eric Veteran

Posted
  • Veteran
Posted
I'm surprised Mozilla didn't complain to MS about this incident. Not only was it installed without permission, not only did it introduce a vulnerability into Firefox, but MS didn't provide an uninstaller! Doesn't that classify as malware?

Adobe and Apple too pulled something similar by silently installing the Bonjour service onto PCs via Photoshop. No one should be allowed to do this kind of thing. If companies like MS, Adobe, and Apple want to put themselves on the level of the tech industry's criminals then they have to face the consequences.

Hey, Obama, how about passing a bill to outlaw corporate spyware, instead of more bills for spying on computer users!

The .NET plugin is a plugin, not an addon. It's installed as part of the Framework and Mozilla simply picks it up. Same as installing the Flash player plugin without Firefox. FF will add it automatically upon installation. Firefox is responsible for the security of its own script addons, not Microsoft.

Community Regular

Eice

Posted
Posted
Seeing as you have to accept it, wait for 5 seconds and then accept to install it AGAIN..

I'll be right back. I'll create a trojan that erases your entire hard drive after you you press "Yes I'm an idiot, I actually pressed run twice on this application, first to download it and then to execute it and now I'm screwed."

When you get off your high horse and stop assuming that a program is secure just because it prompts you on everything, you'll realize that social engineering is exactly how malware spreads these days.

Not only was it installed without permission, not only did it introduce a vulnerability into Firefox, but MS didn't provide an uninstaller! Doesn't that classify as malware?

Yes, a program exhibiting those characteristics would. Unfortunately, due to your ignorance, you are led by rabidly paranoid hype into believing that the .NET plugin exhibits those characteristics.

Contributor

toki

Posted
Posted
I'm surprised Mozilla didn't complain to MS about this incident. Not only was it installed without permission, not only did it introduce a vulnerability into Firefox, but MS didn't provide an uninstaller! Doesn't that classify as malware?

I think you have a wrong computer software knowledge mate.

The FireFox ADDON/Extension, have NOTHING to do with Microsoft. The problem is in FireFox square.

Grand Master

ichi

Posted
Posted
The .NET plugin is a plugin, not an addon. It's installed as part of the Framework and Mozilla simply picks it up. Same as installing the Flash player plugin without Firefox. FF will add it automatically upon installation.

The .NET plugin provided an uninstallable extension.

Yes, a program exhibiting those characteristics would. Unfortunately, due to your ignorance, you are led by rabidly paranoid hype into believing that the .NET plugin exhibits those characteristics.

Did it install an extension without permission? Check.

Did it introduce a vulnerability? Check.

Did it not provide an uninstaller? Check.

I wouldn't qualify it as malware as that would imply an intention to do harm that I'd hope this didn't, but it still shares those three qualities though.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

  • Recent Achievements

    • Conversation Starter
      FBSPL earned a badge
      Conversation Starter
    • Week One Done
      I2D earned a badge
      Week One Done
    • Week One Done
      Dr Jared Dental Studio earned a badge
      Week One Done
    • Week One Done
      RG INVESTMENT GROUP earned a badge
      Week One Done
    • Very Popular
      The Norwegian Drone Pilot earned a badge
      Very Popular

  • Popular Contributors

    1. 1
      +primortal
      486
    2. 2
      PsYcHoKiLLa
      262
    3. 3
      Skyfrog
      85
    4. 4
      FloatingFatMan
      65
    5. 5
      Michael Scrip
      62
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!