Firefox users will see more malicious extensions ......

Hi malware fighters,

This according to this report
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/firefox_and_malware.pdf

A summary for the malware fighters here:

Because browsers are such an attractive attack vector to cybercriminals,
more malware targeting Firefox will appear,
according to av vendor Symantec.
Browsers process creditcard data, passwords and other sensitive information
and are allowed through the firewall to connect out.
Since the year 2005 malicious extensions for the Mozilla’s opensource browser appeared,
but the number of them is only increasing.
That seems logical, because with some 12.000 various extensions and over a billion downloads
they are a target of choice for malcreants, according to Symantec’s Candid Wüest.

The researcher describes various scenario’s in which malware can attack the browser.
The easiest of all is installing an extension in Firefox chrome,
because no interaction of the user is demanded and it makes that the extension
is not shown up in the add-on survey.
Because of this risk this possibility will be disabled in Firefox 3.6,
but this is not the only risk.
An extension that seems rather innocent can later update maliciously
or come as an extension that has been infested from the word go.
This was found in the Vietnamese language pack for Fx.
The infection went unnoticed at first by Mozilla.

Cross-platform
Another way to operate is to use the “hidden” option,
making that an installed extensions is hiddden from the extension manager,
security leaks inside the extension itself,
hijacking of another extension and browser overlay.
Via mentioned option it is possible to change the way the browser looks,
for instance for warnings and security windows.
Wüest analyzed 8 different types of malicious extensions
and concludes that Fx with a market share of now 22%
has grown enough of a platform to be a target.

“As most extensions are being made by private developers
and are not signed digitally, people have grown used to install unsigned extensions.”
Again users should not forget Firefox extensions perform on various user platforms,
like Windows, Linux & Mac OS X, so the number of possible victims becomes even larger.
“We expect to see an increase in malicious extensions in the foreseeable future.
This could be malware that can both install BHO for Internet Explorer,
as well as extensions for Firefox, while we have seen this trend coming.”
An example to target three different browser platforms at once:
http://www.symantec.com/connect/blogs/layers-trojanransompage

pol

Sounds quite likely. After all, that’s the reason there’s so many malware problems with Win and IE – they’ve both got security flaws, of course, but they’re also very inviting targets simply because of their huge (but slowly shrinking) number of users in terms of market-percentage.

fortunately Firefox is rather protected against silently installed extensions since version 3, through the allowed web sites list. Better than nothing; I’ve had one silently and extremely spyware extension once, but that was in FF 2…I posted then on Mozillazine and everyone there told me it was all my fault, and it was no Firefox business to prevent such incidents ::slight_smile: Mozilla devs have obviously changed their mind in the meantime ;D …
Now you’re talkin about extensions that can look OK at first sight but can be updated in a malicious way…well, I got a baaaaaad…feeling about this :smiley:
Thanks for that link to the symantec pdf, that’s interesting.