Firefox and Firefox-malware....

luntrus
Senior Member
Posts: 237
Joined: Sat Mar 21, 2009 6:29 pm

Firefox and Firefox-malware....

Post by luntrus »

Hi you forum friends,

Because browsers are such an attractive attack vector to cybercriminals,
more malware targeting Firefox will appear,
according to av vendor Symantec. http://www.symantec.com/content/en/us/e ... alware.pdf
Browsers process credit card data, passwords and other sensitive information
and are allowed through the firewall to connect out.
Since the year 2005 malicious extensions for Mozilla's open-source browser have appeared,
and the number of them is only increasing.
That seems logical, because with some 12.000 various extensions and over a billion downloads
they are a target of choice for miscreants, according to Symantec's Candid Wüest.

The researcher describes various scenarios in which malware can attack the browser.
The easiest of all is installing an extension in Firefox chrome,
because no interaction of the user is demanded and the extension
does not show up in the add-on survey.
Because of this risk this possibility will be disabled in Firefox 3.6,
but it is not the only risk.
An extension that seems rather innocent can later update maliciously
or come as an extension that has been infested from the word go.
This was found in the Vietnamese language pack for Fx.
The infection went unnoticed at first by Mozilla.

Cross-platform
Other ways to operate are to use the "hidden" option,
so that an installed extension is hidden from the extension manager,
security leaks inside the extension itself,
hijacking of another extension and browser overlay.
Via the last-mentioned option it is possible to change the way the browser looks,
for instance for warnings and security windows.
Wüest analyzed 8 different types of malicious extensions
and concludes that Fx with a market share of now 22%
has grown enough of a platform to be a target.

"As most extensions are being made by private developers
and are not signed digitally, people have grown used to installing unsigned extensions."
Again users should not forget Firefox extensions perform on various user platforms,
like Windows, Linux & Mac OS X, so the number of possible victims becomes even larger.
"We expect to see an increase in malicious extensions in the foreseeable future.
This could be malware that can both install BHO for Internet Explorer,
as well as extensions for Firefox, while we have seen this trend coming."

luntrus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.3 (KHTML, like Gecko) Iron/4.0.227.0 Chrome/4.0.227.0 Safari/532.3
GµårÐïåñ
Lieutenant Colonel
Posts: 3369
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Firefox and Firefox-malware....

Post by GµårÐïåñ »

Thank you for sharing and not to toot the NS horn, if you pay attention to what you are downloading, installing and trusting on the chrome level and have a protection like NS in place, then you are not COMPLETELY available to be pwned but yes it's getting easier and more prevalent to attack Fx now, the motto which made it famous is not holding up. Mostly to blame is the OS nature of the development and the fact that anyone can do and submit and introduce anything with little to no control by Mozilla because they admittedly argue they are volunteers and bluh bluh but they are making money so the logic is a bit self serving.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Firefox and Firefox-malware....

Post by Tom T. »

luntrus wrote:Hi you forum friends, <much snipped>

The researcher describes various scenarios in which malware can attack the browser.
The easiest of all is installing an extension in Firefox chrome,
because no interaction of the user is demanded and the extension
does not show up in the add-on survey.

Cross-platform
Another way to operate is to use the "hidden" option,
so that an installed extension is hidden from the extension manager,

A perfect example of this is shown in this long-running thread.
Giorgio told us then that the "hidden" option is being eliminated, which will help. It seems like a bad idea in the first place.

Thank you as always for sharing.
Regards,
Tom T.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20