Feeds

back to article Spyware ad-on targets Firefox fans

Miscreants have created an item of spyware targeted at Firefox users. The malware poses as an Adobe Flash Player update but in reality its designed to log a user's browsing history, in particular their Google search queries within Firefox. This information is uploaded to a hacker-controlled server. EBOD-A also has the …

COMMENTS

This topic is closed for new posts.
Bronze badge

addons.mozilla.org

I am not saying every addon for Firefox from the official source is safe and always will be. But I will say... Install an addon from anywhere else and you get what you deserve.

Safe computing starts with the user

0
0
Anonymous Coward

Will this affect...

... Linux users, or is this just Windows users?

0
0

obvious

Social engineering attacks like this depend on people being naive and generally ignorant, even stupid. Luckily for the attackers, there's a lot of people who meet this criteria, no matter what operating system or browser they're using.

Education and training is the key, but with marketers claiming that everything is "user friendly" and "doesn't need training" it's an uphill battle to get people to spend the time, let alone the money, getting trained to use these complex tools.

0
0

Shockwave is safe then

I don't like the Adobe flash I prefer the shockwave one. Looks like i picked the right one

0
0
Bronze badge
Linux

RE: Will this affect...

I'm betting yes. An addon written in XUL and javascript, once installed, should be quite capable of performing the information disclosure the report describes.

What wasn't mentioned is: does the victim have to click a link to trigger the addon install, or can the javascript trigger installation (or the install dialog I would assume) automatically on loading of an affected page?

Stop smirking beaky, you don't get to be smug this time.

0
0
Anonymous Coward

Inject ads into Google search results?

Doesn't Google do this already? Search for "Ranger X", an old mega drive game, and you get sponsored links from adult fuck finding sites.

0
0
Badgers

adverts

So it basically steals Googles adverts and replaces them with its own?

I see a real use for this.. an app that blocks Googles adverts and replaces them with harmless but ego-boosting messages that tell you how cool you are, that you're looking good, that you picked the right browser, that you're groovy this morning.

Advert free ego massaging would go down a ton with most people.

And of course if you have this version, you're not getting the dodgy malware version listed in the article. Maybe we need socially-engineered friendly malware to protect us from the bad stuff.

0
0
Silver badge

Advert free ego massaging would go down a ton with most people

unfortunately its the gullible that fall for this kind of stuff and they end up screwing economies and people lives.

Mallware that takes the gullible and stupid off line is all part of the computing evolution. To 'rescue' people from it is as stupid as rescuing broke banks, or making all cars do 2 miles an hour to avoid a few prats having accidents.

0
0

Adobe Flash Player 0.2?!?!?

Considering the current official version is 10 (and many websites will tell you in no uncertain terms if you don't have it!), reverting back to a product calling itself version 0.2 would instantly raise hackles. Besides which, given the amount of literature that's been poured out to the effect of "Only get Flash Player from Adobe's website"...

...if the clueless lusers install this, on their own head be it. If only it did something more serious, like destroying a handful of Windoze DLLs...

0
0
Tee

Derrrr

It already tried to get me.

One day a pop-up appeared, 'Update Flash'. Sure OK.........

Who in there right-mind installs a random pop up,

regardless of who it claims to originate!

0
0
WTF?

There's More To Hack Than This

Oh, we talk about the Security of Mozilla (-: User is the best hacker, especially when downloads the add-ons from, right, anywhere else.

The thing that really shocks is not Firefox though, talk about some ...sky antivirus FTP connection negotiations are not encrypted and you can always see "k...vdumps" pass in pcap files served on the plate. Though, it's not an official c...mplaint.

Oh, sorry, we're talking about Mozilla. Best idea of a browser ever, I suppose.

73

0
0
This topic is closed for new posts.