
Trojan that targets Firefox

 
Duh_OZ




(Msg. 1) Posted: Fri Dec 05, 2008 11:13 pm
Post subject: Trojan that targets Firefox
Archived from groups: alt>comp>anti-virus

http://www.bitdefender.com/VIRUS-1000451-en--Trojan.PWS.ChromeInject.B.html
=======
It drops an executable file (which is a Firefox 3 plugin) and a
JavaScript file (detected by Bitdefender as:
Trojan.PWS.ChromeInject.A) into the Firefox plugins and chrome folders
respectively.

It filters the URLs within the Mozilla Firefox browser and whenever
it encounters the following addresses opened in the Firefox browser it
captures the login credentials.
========

David H. Lipman




(Msg. 2) Posted: Sat Dec 06, 2008 4:41 pm
Post subject: Re: Trojan that targets Firefox

From: "Duh_OZ"

| http://www.bitdefender.com/VIRUS-1000451-en--Trojan.PWS.ChromeInject.B.html
| =======
| It drops an executable file (which is a Firefox 3 plugin) and a
| JavaScript file (detected by Bitdefender as:
| Trojan.PWS.ChromeInject.A) into the Firefox plugins and chrome folders
| respectively.

| It filters the URLs within the Mozilla Firefox browser and whenever
| it encounters the following addresses opened in the Firefox browser it
| captures the login credentials.
| ========

Subject: Avert Labs Low-Profiled Threat Notice: Generic.dx!707DA3A8

Notice

This is a Low-Profiled Threat Notice for Generic.dx!707DA3A8

Justification

Generic.dx!707DA3A8 has been deemed Low-Profiled due to media attention at

http://www.theregister.co.uk/2008/12/04/firefox_plug_in_trojan/.

Generic.dx!707DA3A8 is referred to as "ChromeInject-A" in the article at
theregister.co.uk.

Read About It

Information about Generic.dx!707DA3A8 is located on VIL at: http://vil.nai.com/vil/content/v_153534.htm

Detection

Generic.dx!707DA3A8 was first discovered on December 4, 2008 and detection was added to
the 5436 dat files (Release Date: November 16, 2008).

To stay updated and protected download the latest dat files from

http://www.mcafee.com/us/downloads/index.html

If you suspect you have Generic.dx!707DA3A8, please submit a sample to http://www.webimmune.net

Risk Assessment Definition

For further information on the Risk Assessment and Avert Labs Recommended Actions please see:

http://www.mcafee.com/us/threat_center/outbreaks/virus_library/risk_as...sment.h


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Beauregard T. Shagnasty




(Msg. 3) Posted: Sat Dec 06, 2008 7:54 pm
Post subject: Re: Trojan that targets Firefox

Duh_OZ wrote:

> http://www.bitdefender.com/VIRUS-1000451-en--Trojan.PWS.ChromeInject.B.html
> =======
> It drops an executable file (which is a Firefox 3 plugin) and a
> JavaScript file (detected by Bitdefender as:
> Trojan.PWS.ChromeInject.A) into the Firefox plugins and chrome folders
> respectively.

Seems to affect only Firefox for Windows.

<quote>
SYMPTOMS:
Presence of the:
"%ProgramFiles%\Mozilla Firefox\plugins\npbasic.dll"
"%ProgramFiles%\Mozilla Firefox\chrome\chrome\content\browser.js"
files in the Mozilla Firefox's plugins and chrome folders.

> It filters the URLs within the Mozilla Firefox browser and whenever
> it encounters the following addresses opened in the Firefox browser it
> captures the login credentials.

They should have sorted the bank list alphabetically... ;-)

--
-bts
-Friends don't let friends drive Windows
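
A triage check for the two file paths quoted under SYMPTOMS in Msg. 3, written as an added example that is not part of the thread or of any vendor's tooling. It reports each file found with its size, modification time and SHA-256 so it can be compared against a vendor write-up or submitted as a sample. Assumptions: the function names, the record layout, and the extra `%ProgramFiles(x86)%` location (the post names only `%ProgramFiles%`).

```python
import hashlib
import os
from pathlib import Path

# Relative paths taken from the SYMPTOMS quote in Msg. 3.
INDICATOR_PATHS = (
    Path("plugins") / "npbasic.dll",
    Path("chrome") / "chrome" / "content" / "browser.js",
)


def default_firefox_dirs():
    """Candidate Firefox install directories on this host.

    %ProgramFiles(x86)% is an added assumption for 32-bit Firefox on
    64-bit Windows; the post itself names only %ProgramFiles%.
    """
    dirs = []
    for var in ("ProgramFiles", "ProgramFiles(x86)"):
        base = os.environ.get(var)
        if base:
            candidate = Path(base) / "Mozilla Firefox"
            if candidate not in dirs:
                dirs.append(candidate)
    return dirs


def find_indicators(firefox_dirs):
    """Return one record per indicator file present under the given dirs."""
    hits = []
    for root in firefox_dirs:
        for rel in INDICATOR_PATHS:
            path = Path(root) / rel
            if not path.is_file():
                continue
            data = path.read_bytes()
            hits.append({
                "path": str(path),
                "size": len(data),
                "mtime": path.stat().st_mtime,
                "sha256": hashlib.sha256(data).hexdigest(),
            })
    return hits


if __name__ == "__main__":
    for hit in find_indicators(default_firefox_dirs()):
        print(hit["sha256"], hit["size"], hit["path"])
```

An empty result only means these two paths are absent; it says nothing about other variants or other browsers.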