Monday, July 31, 2006
McAfee: Trojan horse cloaks itself as Firefox extension
McAfee: Trojan horse cloaks itself as Firefox extension
Jeremy Kirk
July 26, 2006 (IDG News Service) Security vendor McAfee Inc. has detected a new piece of malicious software that masquerades as part of the Firefox Web browser.
McAfee calls the Trojan horse "FormSpy." Trojan horses are programs, often attached to spam e-mail, that appear innocuous but are harmful to a computer.
FormSpy is downloaded to a computer that is already infected with another Trojan horse called "Downloader-AXM," McAfee said. That Trojan was recently detected in e-mail spam messages.
Downloader-AXM contacts servers to download other malicious programs to a computer without a user's knowledge, according to McAfee. Once downloaded, FormSpy installs itself as a Firefox extension.
The program appears as "NumberedLinks 0.9" extension, McAfee said. The extension normally would allow a user to navigate links by numbers using the keyboard rather than a mouse.
Once installed, FormSpy can transmit information in a Web browser, which could include credit card numbers, passwords and electronic banking pin numbers, to another Web site, according to McAfee. FormSpy can also steal passwords for e-mail, ICQ instant messaging services and file transfer protocol programs, the company said.
Jeremy Kirk
July 26, 2006 (IDG News Service) Security vendor McAfee Inc. has detected a new piece of malicious software that masquerades as part of the Firefox Web browser.
McAfee calls the Trojan horse "FormSpy." Trojan horses are programs, often attached to spam e-mail, that appear innocuous but are harmful to a computer.
FormSpy is downloaded to a computer that is already infected with another Trojan horse called "Downloader-AXM," McAfee said. That Trojan was recently detected in e-mail spam messages.
Downloader-AXM contacts servers to download other malicious programs to a computer without a user's knowledge, according to McAfee. Once downloaded, FormSpy installs itself as a Firefox extension.
The program appears as "NumberedLinks 0.9" extension, McAfee said. The extension normally would allow a user to navigate links by numbers using the keyboard rather than a mouse.
Once installed, FormSpy can transmit information in a Web browser, which could include credit card numbers, passwords and electronic banking pin numbers, to another Web site, according to McAfee. FormSpy can also steal passwords for e-mail, ICQ instant messaging services and file transfer protocol programs, the company said.
# posted by raveneye @ 3:33 PM 
