Firefox specific malware

polonus · 2006-09-13T18:18:30.000Z

Hi malware fighters,

Thirty virus, trojan and other malware infections have been found to target firefox browsers (default), read about them here:
http://secunia.com/search/?search=firefox

Various we also found mentioned in the virus and worm section lately in this forum.

polonus

DavidR · 2006-09-13T18:44:48.000Z

Not classed as critical though, I just wonder if this is found in version 2.0 rc version no mention of that other than 1.x version ?

The weakness has been confirmed in version 1.5.0.6 for Windows. Other versions may also be affected.

No mention either of 1.5.0.7 being efected or not.

polonus · 2006-09-13T19:54:22.000Z

Hi DavidR,

I was not talking about holes or vulnerabilities, but further down on that page there is a number of malware mentioned, specifically aimed at the FF browser like there are for instance: JS FFSNIFF.A, Win32/Nebuler Family (Saw that just recently in the virus & worms), Win32/TibickA, Trojan.Haradong (saw that under an alias also in that forum sector) etc. etc.

Now it is important that users of these browsers (FF and Flock alike) use the in-browser protection measures like NoScript, enable/disable Flash, Distrust, TrustWatch by Geotrust or MacAfeeSiteAdvisor, DrWeb anti virus link checker, Avast Webshield inside the FF or Flock browser, Netcraft toolbar just to mention the most vital for prevention against the common infection vectors. Also in combination with the usual ad- & spyware preventing programs (Ad-Aware, Spybot S&D, SpywareBlaster) FF can be called rather secure.

polonus

DavidR · 2006-09-13T20:26:20.000Z

Even with those extensions, etc. as a first line of defence, I still recommend people use DropMyRights so should anything penetrate their defence the damage might be limited by the restricted privileges.

polonus · 2006-09-13T20:51:56.000Z

Hi DavidR,

Will not that be the normal way to go with the new Vista: user rights as by default. If not they haven’t learnt a lesson still.

polonus

DavidR · 2006-09-13T21:55:11.000Z

Well Vista UAC (User Access Control) is effectively the same downgrading rights, so they have learnt a little bit of a lesson. However, it will be a long time before I install Vista as XP Pro has considerable shelf life left. From what I’m reading there isn’t much to right home about Vista and what it can do that you can’t already do with XP Pro I can live without the bells and whistles and graphics effects.

Somehow I don’t think I will be alone in this thought and I would probably only upgrade to Vista when I buy or build a new system, for many it isn’t the cost of upgrading to vista many would have to upgrade their hardware and that is a cost too great.

As and when I get to the point of updating my existing system I will not only be considering Vista but if I should jump OS completely to one of Linux distros, or god forbid Mac, that is less likely as the hardware is more expensive and I would likely have to update my software too.

FreewheelinFrank · 2006-09-13T22:00:44.000Z

Most of these don’t seem to be Firefox-specific- they just contain the term ‘Firefox’ because Firefox is one of many processes the malware attempts to kill one of many names the malware calls itself on P2P networks.

A couple seem to inject themselves into the Firefox process, but not specifically because they also target IE.

JS_FFSNIFF.A does seem to target Firefox, by posing as a legitimate extension:

Mozilla has taken heat from security experts in the past about neglecting to digitally "sign" third-party extensions so that users have some assurance that Mozilla has vetted the developer's work.

http://blog.washingtonpost.com/securityfix/2006/07/passwordstealing_trojan_disgui.html

This story of course was about a Trojan that could install itself as an extension without any user interaction, although it did require the user to run an .exe file. :o

Some of the other malware listed by Secunia seem to be exploits for long-patched vulnerabilities in older versions.

So keeping up to date, not installing extensions from unknown sites and not running executables from email attachments seems to be enough to keep safe even without the extra precautions you mention Polonus.

Still, there’s no denying that Firefox is becoming a target for the malware writers.

system · 2006-09-13T22:07:16.000Z

Suppose this is something that is a sign of the times. I use firefox and also flock. Keep the versions up to date, use very few extensions, just the ones that I know that help them to be a secure browser. That along with sensible surfing and I seem to not have any of these problems.

system · 2006-09-13T23:58:45.000Z

Hmm, Im still not buying that Firefox is being attacked in any successful way or that it most certainly will be in future. If you have problems with spyware, virus and think it has to do with use of Firefox Im sure exactly same problems would still be there after uninstalling any Mozilla code. Reformat and countdown begins 8)

Opensource strikes fast with patches. https://bugzilla.mozilla.org/show_bug.cgi?id=351255 exploit fiddling, todays build of 2.0B2 has fix http://forums.mozillazine.org/viewtopic.php?t=463042 Secunias list of 2005 stuff is irelevant. These things happen from time to time. I have not tried it but searching “exploit” on Bugzilla might reveal more. Number of exploits is of little interest, what is being done about them is what matters.

If you dont want 2.0, only latest and greatest 1.5.0.x use either RC candidates of 1.5.0.7 http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/1.5.0.7-candidates/rc6/ or better todays build of same http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla1.8.0/ They are as stable as an official release. If anything important pops up they will release patch officially of course.

Actually I think 1.5.0.7 will be released today or at least this week so might as well let update feature do the work. Update feature was made partly to be able to throw out quick-fixes to security problems. Most important new feature since 1.0 because not all are busy seeking patches, updates to extensions etc. This is a list of bugfixes in 1.5.0.7 https://bugzilla.mozilla.org/buglist.cgi?keywords_type=allwords&keywords=fixed1.8.0.7&order=Bug+Number

That anyone can install any extension is a weak spot, in theory - Im not into extension signing but know it has been discussed, years ago too. Mozilla dont have much http://wiki.mozilla.org/Extension_Signing Might be a must some day. Need danger first. They could start by being a bit more critical of approved extensions on Add-on site. “Reviewers” are just normal users/fanboys picked up on forum or IRC, not Mozilla employees but site appear as official. If an evil extension really was released I can see it being approved.

polonus · 2006-09-14T06:13:18.000Z

Hi dk70,

Yes I agree with you that the interaction between FF and some of the extensions or between extensions as such can lead to a lot of irritation.
The TrackMeNot extension for instance that lost a lot of its functionality after the update after the 3.0 version (you can no longer load your own flat text pages, which makes it muchg easier to filter out for the SEO’s), is leaking memory. Some of the many extensions have really adware like qualities, but you cannot say much about that because you install them yourself, if you want to do so. E.g cooliris, is that safe?
It is all about coders and what they do.

polonus

system · 2006-09-14T09:59:15.000Z

If you count user-tracking as an evil plenty extensions are in trouble. Google for example. More like a general Web feature really, some extensions just follow up. A few have it as business model. Add-on site do not care as long as privacy policy is stated.

I think Cooliris is safe enough but better read their policy.

Announcements