Hi malware fighters,
This according to this report
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/firefox_and_malware.pdf
A summary for the malware fighters here:
Because browsers are such an attractive attack vector to cybercriminals,
more malware targeting Firefox will appear,
according to av vendor Symantec.
Browsers process creditcard data, passwords and other sensitive information
and are allowed through the firewall to connect out.
Since the year 2005 malicious extensions for the Mozilla’s opensource browser appeared,
but the number of them is only increasing.
That seems logical, because with some 12.000 various extensions and over a billion downloads
they are a target of choice for malcreants, according to Symantec’s Candid Wüest.
The researcher describes various scenario’s in which malware can attack the browser.
The easiest of all is installing an extension in Firefox chrome,
because no interaction of the user is demanded and it makes that the extension
is not shown up in the add-on survey.
Because of this risk this possibility will be disabled in Firefox 3.6,
but this is not the only risk.
An extension that seems rather innocent can later update maliciously
or come as an extension that has been infested from the word go.
This was found in the Vietnamese language pack for Fx.
The infection went unnoticed at first by Mozilla.
Cross-platform
Another way to operate is to use the “hidden” option,
making that an installed extensions is hiddden from the extension manager,
security leaks inside the extension itself,
hijacking of another extension and browser overlay.
Via mentioned option it is possible to change the way the browser looks,
for instance for warnings and security windows.
Wüest analyzed 8 different types of malicious extensions
and concludes that Fx with a market share of now 22%
has grown enough of a platform to be a target.
“As most extensions are being made by private developers
and are not signed digitally, people have grown used to install unsigned extensions.”
Again users should not forget Firefox extensions perform on various user platforms,
like Windows, Linux & Mac OS X, so the number of possible victims becomes even larger.
“We expect to see an increase in malicious extensions in the foreseeable future.
This could be malware that can both install BHO for Internet Explorer,
as well as extensions for Firefox, while we have seen this trend coming.”
An example to target three different browser platforms at once:
http://www.symantec.com/connect/blogs/layers-trojanransompage
pol