[ news_security_news ]
Trojan Invades Through Firefox
Doug Caverly
Staff Writer
2006-07-26
 Insider Reports RSS Feed
McAfee has reported that a new Trojan horse is loose, and this one "is installed as a Mozilla/Firefox component extension." Named "FormSpy," it should only pose a low risk to both corporate and home users.
McAfee explained the discovery of the malware in a security advisory. "Websites were found to be linking to the FormSpy website . . . and installing FormSpy using an old VBS/Psyme exploit targeting Internet Explorer," the company wrote. "These websites are believed to have been penetrated and modified by hackers."
The FormSpy "malware was downloaded and installed by the Downloader-AXM trojan," McAfee said. It also lists the malware's "characteristics," which put personal financial information in danger.
"Upon execution, it registers Mozilla event listeners to the malware and sends information submitted by the victim in the web browser to a malicious website," McAfee reported. "These information can include, but is not limited to, credit numbers, passwords, e-banking pin numbers etc. The main executable is also capable of sniffing passwords from ICQ, FTP, IMAP and POP3 traffic."
Despite that intimidating list, it shouldn't be difficult to dispose of this Trojan. "AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination," McAfee said. The company also noted that "VBS/Psyme can be detected proactively in Internet Explorer (IE) with VirusScan ScriptScan (VSE8.0i feature) enabled . . ."
This Trojan may be another one that isn't a strong cause for concern; just the same, it's best to know about these things.
FormSpy
Add to  Del.icio.us |  Digg |  Yahoo! My Web |  Furl
Get all the updates in RSS: 
About the Author:
Doug is a staff writer for SecurityProNews, InternetFinancialNews, SearchNewz, and WebProNews.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
