Author Topic: Firefox specific malware  (Read 7099 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Firefox specific malware
« on: September 13, 2006, 08:18:30 PM »
Hi malware fighters,

Thirty virus, trojan and other malware infections have been found to target firefox browsers (default), read about them here:
http://secunia.com/search/?search=firefox

Various we also found mentioned in the virus and worm section lately in this forum.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Firefox specific malware
« Reply #1 on: September 13, 2006, 08:44:48 PM »
Not classed as critical though, I just wonder if this is found in version 2.0 rc version no mention of that other than 1.x version ?

Quote
The weakness has been confirmed in version 1.5.0.6 for Windows. Other versions may also be affected.
No mention either of 1.5.0.7 being efected or not.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Firefox specific malware
« Reply #2 on: September 13, 2006, 09:54:22 PM »
Hi DavidR,

I was not talking about holes or vulnerabilities, but further down on that page there is a number of malware mentioned, specifically aimed at  the FF browser like there are for instance: JS FFSNIFF.A, Win32/Nebuler Family (Saw that just recently in the virus & worms), Win32/TibickA, Trojan.Haradong (saw that under an alias also in that forum sector) etc. etc.

Now it is important that users of these browsers (FF and Flock alike) use the in-browser protection measures like NoScript, enable/disable Flash, Distrust, TrustWatch by Geotrust or MacAfeeSiteAdvisor,  DrWeb anti virus link checker, Avast Webshield inside the FF or Flock browser, Netcraft toolbar just to mention the most vital for prevention against the common infection vectors. Also in combination with the usual ad- & spyware preventing programs (Ad-Aware, Spybot S&D, SpywareBlaster) FF can be called rather secure.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Firefox specific malware
« Reply #3 on: September 13, 2006, 10:26:20 PM »
Even with those extensions, etc. as a first line of defence, I still recommend people use DropMyRights so should anything penetrate their defence the damage might be limited by the restricted privileges.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Firefox specific malware
« Reply #4 on: September 13, 2006, 10:51:56 PM »
Hi DavidR,

Will not that be the normal way to go with the new Vista: user rights as by default. If not they haven't learnt a lesson still.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Firefox specific malware
« Reply #5 on: September 13, 2006, 11:55:11 PM »
Well Vista UAC (User Access Control) is effectively the same downgrading rights, so they have learnt a little bit of a lesson. However, it will be a long time before I install Vista as XP Pro has considerable shelf life left. From what I'm reading there isn't much to right home about Vista and what it can do that you can't already do with XP Pro I can live without the bells and whistles and graphics effects.

Somehow I don't think I will be alone in this thought and I would probably only upgrade to Vista when I buy or build a new system, for many it isn't the cost of upgrading to vista many would have to upgrade their hardware and that is a cost too great.

As and when I get to the point of updating my existing system I will not only be considering Vista but if I should jump OS completely to one of Linux distros, or god forbid Mac, that is less likely as the hardware is more expensive and I would likely have to update my software too.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Firefox specific malware
« Reply #6 on: September 14, 2006, 12:00:44 AM »
Most of these don't seem to be Firefox-specific- they just contain the term 'Firefox' because Firefox is one of many processes the malware attempts to kill one of many names the malware calls itself on P2P networks.

A couple seem to inject themselves into the Firefox process, but not specifically because they also target IE.

JS_FFSNIFF.A does seem to target Firefox, by posing as a legitimate extension:

Quote
Mozilla has taken heat from security experts in the past about neglecting to digitally "sign" third-party extensions so that users have some assurance that Mozilla has vetted the developer's work.

http://blog.washingtonpost.com/securityfix/2006/07/passwordstealing_trojan_disgui.html

This story of course was about a Trojan that could install itself as an extension without any user interaction, although it did require the user to run an .exe file.  :o

Some of the other malware listed by Secunia seem to be exploits for long-patched vulnerabilities in older versions.

So keeping up to date, not installing extensions from unknown sites and not running  executables from email attachments seems to be enough to keep safe even without the extra precautions you mention Polonus.

Still, there's no denying that Firefox is becoming a target for the malware writers.
« Last Edit: September 14, 2006, 12:02:43 AM by FreewheelinFrank »
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

neal62

  • Guest
Re: Firefox specific malware
« Reply #7 on: September 14, 2006, 12:07:16 AM »
Suppose this is something that is a sign of the times. I use firefox and also flock. Keep the versions up to date, use very few extensions, just the ones that I know that help them to be a secure browser. That along with sensible surfing and I seem to not have any of these problems.  :)

dk70

  • Guest
Re: Firefox specific malware
« Reply #8 on: September 14, 2006, 01:58:45 AM »
Hmm, Im still not buying that Firefox is being attacked in any successful way or that it most certainly will be in future. If you have problems with spyware, virus and think it has to do with use of Firefox Im sure exactly same problems would still be there after uninstalling any Mozilla code. Reformat and countdown begins  8)

Opensource strikes fast with patches. https://bugzilla.mozilla.org/show_bug.cgi?id=351255 exploit fiddling, todays build of 2.0B2 has fix http://forums.mozillazine.org/viewtopic.php?t=463042 Secunias list of 2005 stuff is irelevant. These things happen from time to time. I have not tried it but searching "exploit" on Bugzilla might reveal more. Number of exploits is of little interest, what is being done about them is what matters.

If you dont want 2.0, only latest and greatest 1.5.0.x use either RC candidates of 1.5.0.7 http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/1.5.0.7-candidates/rc6/ or better todays build of  same http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla1.8.0/ They are as stable as an official release. If anything important pops up they will release patch officially of course.

Actually I think 1.5.0.7 will be released today or at least this week so might as well let update feature do the work. Update feature was made partly to be able to throw out quick-fixes to security problems. Most important new feature since 1.0 because not all are busy seeking patches, updates to extensions etc. This is a list of bugfixes in 1.5.0.7 https://bugzilla.mozilla.org/buglist.cgi?keywords_type=allwords&keywords=fixed1.8.0.7&order=Bug+Number 

That anyone can install any extension is a weak spot, in theory - Im not into extension signing but know it has been discussed, years ago too. Mozilla dont have much http://wiki.mozilla.org/Extension_Signing Might be a must some day. Need danger first. They could start by being a bit more critical of approved extensions on Add-on site. "Reviewers" are just normal users/fanboys picked up on forum or IRC, not Mozilla employees but site appear as official. If an evil extension really was released I can see it being approved.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Firefox specific malware
« Reply #9 on: September 14, 2006, 08:13:18 AM »
Hi dk70,

Yes I agree with you that the interaction between FF and some of the extensions or between extensions as such can lead to a lot of irritation.
The TrackMeNot extension for instance that lost a lot of its functionality  after the update after the 3.0 version (you can no longer load your own flat text pages, which makes it muchg easier to filter out for the SEO's), is leaking memory. Some of the many extensions have really adware like qualities, but you cannot say much about that because you install them yourself, if you want to do so. E.g cooliris, is that safe?
It is all about coders and what they do.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

dk70

  • Guest
Re: Firefox specific malware
« Reply #10 on: September 14, 2006, 11:59:15 AM »
If you count user-tracking as an evil plenty extensions are in trouble. Google for example. More like a general Web feature really, some extensions just follow up. A few have it as business model. Add-on site do not care as long as privacy policy is stated.

I think Cooliris is safe enough but better read their policy.