back to article Spyware ad-on targets Firefox fans

Miscreants have created an item of spyware targeted at Firefox users. The malware poses as an Adobe Flash Player update but in reality its designed to log a user's browsing history, in particular their Google search queries within Firefox. This information is uploaded to a hacker-controlled server. EBOD-A also has the …

COMMENTS

This topic is closed for new posts.
  1. adnim Silver badge

    addons.mozilla.org

    I am not saying every addon for Firefox from the official source is safe and always will be. But I will say... Install an addon from anywhere else and you get what you deserve.

    Safe computing starts with the user

  2. Anonymous Coward
    Anonymous Coward

    Will this affect...

    ... Linux users, or is this just Windows users?

  3. raving angry loony

    obvious

    Social engineering attacks like this depend on people being naive and generally ignorant, even stupid. Luckily for the attackers, there's a lot of people who meet this criteria, no matter what operating system or browser they're using.

    Education and training is the key, but with marketers claiming that everything is "user friendly" and "doesn't need training" it's an uphill battle to get people to spend the time, let alone the money, getting trained to use these complex tools.

  4. Deadly_NZ

    Shockwave is safe then

    I don't like the Adobe flash I prefer the shockwave one. Looks like i picked the right one

  5. Havin_it
    Linux

    RE: Will this affect...

    I'm betting yes. An addon written in XUL and javascript, once installed, should be quite capable of performing the information disclosure the report describes.

    What wasn't mentioned is: does the victim have to click a link to trigger the addon install, or can the javascript trigger installation (or the install dialog I would assume) automatically on loading of an affected page?

    Stop smirking beaky, you don't get to be smug this time.

  6. Anonymous Coward
    Anonymous Coward

    Inject ads into Google search results?

    Doesn't Google do this already? Search for "Ranger X", an old mega drive game, and you get sponsored links from adult fuck finding sites.

  7. lukewarmdog
    Badgers

    adverts

    So it basically steals Googles adverts and replaces them with its own?

    I see a real use for this.. an app that blocks Googles adverts and replaces them with harmless but ego-boosting messages that tell you how cool you are, that you're looking good, that you picked the right browser, that you're groovy this morning.

    Advert free ego massaging would go down a ton with most people.

    And of course if you have this version, you're not getting the dodgy malware version listed in the article. Maybe we need socially-engineered friendly malware to protect us from the bad stuff.

  8. Tom 7 Silver badge

    Advert free ego massaging would go down a ton with most people

    unfortunately its the gullible that fall for this kind of stuff and they end up screwing economies and people lives.

    Mallware that takes the gullible and stupid off line is all part of the computing evolution. To 'rescue' people from it is as stupid as rescuing broke banks, or making all cars do 2 miles an hour to avoid a few prats having accidents.

  9. mittfh

    Adobe Flash Player 0.2?!?!?

    Considering the current official version is 10 (and many websites will tell you in no uncertain terms if you don't have it!), reverting back to a product calling itself version 0.2 would instantly raise hackles. Besides which, given the amount of literature that's been poured out to the effect of "Only get Flash Player from Adobe's website"...

    ...if the clueless lusers install this, on their own head be it. If only it did something more serious, like destroying a handful of Windoze DLLs...

  10. Tee

    Derrrr

    It already tried to get me.

    One day a pop-up appeared, 'Update Flash'. Sure OK.........

    Who in there right-mind installs a random pop up,

    regardless of who it claims to originate!

  11. 3BEPOTEKCT
    WTF?

    There's More To Hack Than This

    Oh, we talk about the Security of Mozilla (-: User is the best hacker, especially when downloads the add-ons from, right, anywhere else.

    The thing that really shocks is not Firefox though, talk about some ...sky antivirus FTP connection negotiations are not encrypted and you can always see "k...vdumps" pass in pcap files served on the plate. Though, it's not an official c...mplaint.

    Oh, sorry, we're talking about Mozilla. Best idea of a browser ever, I suppose.

    73

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020