<body>

ReviewSaurus - The Techie Dino!

The Dino which deals in all kind of technical related stuff.

FormSpy - Spyware hooked in Firefox!!!

Wednesday, July 26, 2006

We are all convinced that Firefox is a safe browser and that surfing the web with Firefox is the safest option, right? Wrong! Recently, new spyware was released that hooks itself into the Firefox browser and sends important personal information to a malicious website. That information covers credit cards, PINs, passwords and other important data that we enter into forms while surfing the web.

The spyware's main executable is capable of sniffing passwords for POP3, FTP, ICQ and various other important applications and protocols.


Sources say that the spyware spreads through spam emails that pose as messages from Walmart and claim that there is some problem with billing.

Now I am wondering what else can be done to avoid all these spyware makers and trojans, because the world's so-called safest browser is not safe anymore!

---------------------UPDATE--------------------------

I forgot one thing, and a few things at digg have made me learn that the world doesn't know about the effort one puts in to keep the blog updated or to help the visitors. Anyway, when I submitted this story at digg, some users asked about the news source and a few other details, and I have to apologize to everyone (not just those users) that I failed to mention the news source, maybe because I myself was shocked to read the story and wanted to inform everyone about it...

Here are the sources:

Avertlabs
Nai

Upon successful execution, FormSpy hooks mouse and keyboard events in the Mozilla Firefox web browser. It can then forward information such as credit card numbers, passwords and URLs typed in the browser to a malicious website hosted at IP address 81.95.xx.xx.

Typically, Mozilla Firefox components are installed via .xpi files where users are prompted to confirm the installation. FormSpy writes and modifies Mozilla configuration files directly which bypasses this confirmation process.


This is taken from the avertlabs page. I hope it will clear up things.
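
A present-day version of the check this behaviour calls for, as an added example that is not from this post or the Avert Labs write-up: it lists add-ons that are registered in a profile without having gone through the browser's install confirmation. It assumes a current Firefox profile, whose add-on registry is `extensions.json` with the `location`, `foreignInstall`, `signedState` and `sourceURI` fields; FormSpy targeted 2006-era Firefox, whose configuration files the post does not name. The sample registry and function names are constructed for illustration.

```python
import json
from pathlib import Path

# Assumption: current Firefox keeps its add-on registry in <profile>/extensions.json.
REGISTRY_NAME = "extensions.json"


def audit_addons(registry):
    """Return {addon_id: [reasons]} for profile add-ons that look sideloaded."""
    findings = {}
    for addon in registry.get("addons", []):
        if addon.get("location") != "app-profile":
            continue  # built-in and system add-ons ship with the browser itself
        reasons = []
        if addon.get("foreignInstall"):
            reasons.append("installed outside the browser's confirmation flow")
        state = addon.get("signedState")
        if state is None or state <= 0:  # 0 = missing, negative = unknown/broken
            reasons.append("signature missing, unknown or broken")
        if not addon.get("sourceURI"):
            reasons.append("no recorded download source")
        if reasons:
            findings[addon.get("id", "<no id>")] = reasons
    return findings


def audit_profile(profile_dir):
    """Audit the add-on registry of one Firefox profile directory."""
    path = Path(profile_dir) / REGISTRY_NAME
    return audit_addons(json.loads(path.read_text(encoding="utf-8")))


# Constructed sample registry (not real data).
SAMPLE = {"addons": [
    {"id": "adblock@constructed.example", "location": "app-profile",
     "foreignInstall": False, "signedState": 2,
     "sourceURI": "https://addons.constructed.example/adblock.xpi"},
    {"id": "builtin-theme@constructed.example", "location": "app-builtin",
     "foreignInstall": False, "signedState": None, "sourceURI": None},
    {"id": "formhelper@constructed.example", "location": "app-profile",
     "foreignInstall": True, "signedState": 0, "sourceURI": None},
]}

if __name__ == "__main__":
    for addon_id, reasons in audit_addons(SAMPLE).items():
        print(addon_id, "->", "; ".join(reasons))
```

Malware that writes the registry itself can also forge these fields, so the result is a triage list to compare against a known-good baseline rather than a verdict.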




posted by ReviewSaurus, 11:36 AM

3 Comments:

There is no such thing as a safe application if users insist on doing what random people tell them.
commented by Anonymous, 6:15 AM  
Wait.. I'm confused. So this spreads via e-mail? Which e-mail clients? Do the users have to run the program or exploit a vulnerability in the e-mail program in order to install this plug-in into Firefox? So.. where's the vulnerability? That Firefox allows a user to install a plugin if they are stupid enough or if their e-mail client is insecure? How is this Firefox's problem?
commented by Anonymous, 6:17 AM  
Well, by popular demand at digg, and with my apology that I failed to mention the source, here are the sources:

http://vil.nai.com/vil/content/v_140256.htm
http://www.avertlabs.com/research/blog/?p=62
commented by ReviewSaurus, 11:20 AM  
