Author Topic: Popular Firefox plug-in hacked by malicious hackers!  (Read 1682 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33980
  • malware fighter
Popular Firefox plug-in hacked by malicious hackers!
« on: July 16, 2007, 10:44:33 PM »
Hi malware fighters,

Unknown attackers have adopted and changed a popular Firefox plugin to steal Firefox user cookies. The Greasemonkey script, to change the outlook and functionality of websites, was being downloaded from the site userscripts.org and after that uploaded again. The attacker remarked that the new script had better functionality. What it did was re-directing cookies enabling to the attacker to log-in on Google accounts and other websites.

The server at Userscripts.org was not hacked. The FBI has been set onto the case. Normally browsers are secured against websites that like to read out third party websites. Only the cross-domain-scripting-blocking can be circumvented by Greasemonkey, making these very cookies readable. For some users the appearance of the malicious script does not come as a surprise: "It was bound to happen. It surprises me it took so long before it went drastically wrong here," Naja Melan says.

Safebrowser-overlay-bootstrapper should be brought in along with add-on certification, else we will see repetition after repetition of this news,

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!