http://www.techworld.com/security/news/index.cfm?newsid=6524 By Jeremy Kirk IDG News Service 26 July 2006 A new password-stealing Trojan masquerading as an extension to Firefox is on the loose. Called "FormSpy", it is downloaded to a computer that is already infected with another Trojan horse called "Downloader-AXM", according to McAfee. That Trojan was recently detected in e-mail spam messages. Downloader-AXM contacts servers to download other malicious programs to a computer without a user's knowledge. Once downloaded, FormSpy installs itself as a Firefox extension. The program appears as the "NumberedLinks 0.9" extension, which would normally would allow a user to navigate links by numbers using the keyboard rather than a mouse. The payload is that FormSpy can transmit information in a Web browser to another website, which could include credit card numbers, passwords and electronic banking pin numbers, according to McAfee. FormSpy can also steal e-mail, ICQ instant messaging service and FTP passwords. The targeting of Firefox is not coincidental. Microsoft's rival Internet Explorer browser has reigned in the ability of ActiveX controls to be installed without digitally-signed verification, something that will become standard on the forthcoming IE7. Mozilla is still without that protection, relying on confirmation dialogues. All contents © IDG 2006. _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu Jul 27 2006 - 22:46:32 PDT