  1. #1
    Join Date
    Jul 2006

    Trojan cloaks itself as Firefox extension

    Security vendor McAfee has detected a new piece of malicious software that masquerades as part of the Firefox Internet browser.

    McAfee calls the Trojan horse "FormSpy." Trojan horses are programs, often attached to spam e-mail, that appear innocuous but are harmful to a computer.

    FormSpy is downloaded to a computer that is already infected with another Trojan horse called "Downloader-AXM," McAfee said. That Trojan was recently detected in e-mail spam messages.

    Downloader-AXM contacts servers to download other malicious programs to a computer without a user's knowledge, according to McAfee. Once downloaded, FormSpy installs itself as a Firefox extension.

    The program appears as "NumberedLinks 0.9" extension, McAfee said. The extension normally would allow a user to navigate links by numbers using the keyboard rather than a mouse.

    Then, FormSpy can transmit information in a Web browser to another Web site, which could include credit card numbers, passwords and electronic banking pin numbers, according to McAfee. FormSpy can also steal e-mail, ICQ instant messaging service and FTP (file transfer protocol) passwords, it said.
    Original Story located Here

    Well, I guess I shall be keeping an eye on suss-looking extensions from now on. Surprised this type of attack has not been tried before..


  2. #2
    Senior Member
    Join Date
    Aug 2006
    Thanks, but how do I know that this trojan is trying or has been installed in my Firefox, and wait a minute!!!! Doesn't all this type of trojans mean a CROSS PLATFORM vulnerability???
    "Everything should be made as simple as possible, but not simpler."

    - Albert Einstein

  3. #3
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    SW MO
    originally posted by:jockey0109
    how do I know that this trojan is trying or has been installed in my firefox
    You should be able to go to 'tools' > 'extensions' and see which FF extensions are installed there... if there is one called "NumberedLinks 0.9" that YOU didn't install, then you might have a trojan...

    hmm... that could turn into a bad comedy routine...
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

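Added example, not part of the original thread: the Tools > Extensions check from the post above done by script, for reviewing a profile offline or across many machines. It assumes a current Firefox profile, which records installed add-ons in `extensions.json` with `addons`, `defaultLocale.name` and `foreignInstall` fields; the sample data, the watch list and the function name `audit_extensions` are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape of a Firefox profile's extensions.json.
SAMPLE = json.dumps({"addons": [
    {"id": "blocker@example.invalid", "type": "extension", "version": "1.2",
     "foreignInstall": False, "defaultLocale": {"name": "Example Blocker"}},
    {"id": "links@example.invalid", "type": "extension", "version": "0.9",
     "foreignInstall": True, "defaultLocale": {"name": "NumberedLinks"}},
    {"id": "theme@example.invalid", "type": "theme", "version": "1.0",
     "foreignInstall": False, "defaultLocale": {"name": "Example Theme"}},
]})

# Display name the article says the trojan uses; a real extension shares it,
# so a name match alone only means "check whether you installed this".
WATCH_NAMES = ("numberedlinks",)

def audit_extensions(raw_json, watch_names=WATCH_NAMES):
    """Return extensions worth a manual look, each with the reasons why."""
    flagged = []
    for addon in json.loads(raw_json).get("addons", []):
        if addon.get("type") != "extension":
            continue  # themes, dictionaries and so on are out of scope here
        name = (addon.get("defaultLocale") or {}).get("name") or addon.get("id", "?")
        reasons = []
        if name.strip().lower().startswith(watch_names):
            reasons.append("name matches watch list")
        if addon.get("foreignInstall"):
            # Assumption: Firefox sets this when the add-on was dropped into
            # place by another program instead of installed from the browser.
            reasons.append("installed from outside the browser")
        if reasons:
            flagged.append({"name": name, "version": addon.get("version"),
                            "id": addon.get("id"), "reasons": reasons})
    return flagged

if __name__ == "__main__":
    # Usage: python audit.py /path/to/profile/extensions.json
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for item in audit_extensions(data):
        print(f'{item["name"]} {item["version"]} ({item["id"]}): '
              + "; ".join(item["reasons"]))
```

An entry flagged for both reasons is the case the post describes: the right name on an extension you did not install yourself.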

  4. #4
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    CROSS PLATFORM vulnerability???
    No, unfortunately, you can't get it to run on Linux.
    I came in to the world with nothing. I still have most of it.
