Spyware poses as Firefox extension
PrintTrojan downloader launches secondary attack
Posted in Software & Security, 26th July 2006 13:51 GMT
Free whitepaper – What Exchange can't do - and Dell can
Virus writers have created a spyware package that poses as an extension to the Firefox web browser.
FormSpy, which poses as the legitimate NumberedLinks 0.9 extension, is programmed to steal confidential information from compromised machines including passwords, credit card numbers, and ebanking login details. The malware is also capable of sniffing passwords from ICQ, FTP, and email traffic before sending this data to a hacker-controlled website.
FormSpy is normally downloaded onto compromised machines already infected with another Trojan program, called Downloader-AXM. It can also spread as a drive-by download from compromised websites.
Downloader-AXM began spreading via virus infected spam messages (example here) earlier this week. Fortunately, the attack is not yet widespread, according to net security firm McAfee, which has published a detailed write-up of the threat here. ®
Free whitepaper – Straight Talk with Dell: Sending out an SaaS
Analyst Keynote: The Register Agile Data Center Summit
Managing desktop software for fun and profit
Enhancing retail operations with unified communications
Seven ways to lower storage costs
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs