Trojan that targets Firefox

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
http://www.bitdefender.com/VIRUS-1000451-en--Trojan.PWS.ChromeInject.B.html
=======
It drops an executable file (which is a Firefox 3 plugin) and a
JavaScript file (detected by Bitdefender as:
Trojan.PWS.ChromeInject.A) into the Firefox plugins and chrome folders
respectively.

It filters the URLs within the Mozilla Firefox browser and whenever
encounter the following addresses opened in the Firefox browser it
captures the login credentials.
========

Re: Trojan that targets Firefox


| http://www.bitdefender.com/VIRUS-1000451-en--Trojan.PWS.ChromeInject.B.html
| =======
| It drops an executable file (which is a Firefox 3 plugin) and a
| JavaScript file (detected by Bitdefender as:
| Trojan.PWS.ChromeInject.A) into the Firefox plugins and chrome folders
| respectively.

| It filters the URLs within the Mozilla Firefox browser and whenever
| encounter the following addresses opened in the Firefox browser it
| captures the login credentials.
| ========

Subject: Avert Labs Low-Profiled Threat Notice: Generic.dx!707DA3A8

Notice

This is a Low-Profiled Threat Notice for Generic.dx!707DA3A8

Justification

Generic.dx!707DA3A8 has been deemed Low-Profiled due to media attention at

http://www.theregister.co.uk/2008/12/04/firefox_plug_in_trojan /.

Generic.dx!707DA3A8 is referred to as "ChromeInject-A" in the article at
theregister.co.uk.

Read About It

Information about Generic.dx!707DA3A8 is located on VIL at:
http://vil.nai.com/vil/content/v_153534.htm

Detection

Generic.dx!707DA3A8 was first discovered on December 4, 2008 and detection was
added to
the 5436 dat files (Release Date: November 16, 2008).

To stay updated and protected download the latest dat files from

http://www.mcafee.com/us/downloads/index.html

If you suspect you have Generic.dx!707DA3A8, please submit a sample to
http://www.webimmune.net

Risk Assessment Definition

For further information on the Risk Assessment and Avert Labs Recommended

Actions please see:

http://www.mcafee.com/us/threat_center/outbreaks/virus_library/risk_assessment.html


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Trojan that targets Firefox

Duh_OZ wrote:

Quoted text here. Click to load it

Seems to affect only Firefox for Windows.

<quote>
SYMPTOMS:
Presence of the:
"%ProgramFiles%\Mozilla Firefox\plugins\npbasic.dll"
"%ProgramFiles%\Mozilla Firefox\chrome\chrome\content\browser.js"
files in the Mozilla Firefox's plugins and chrome folders.

Quoted text here. Click to load it

They should have sorted the bank list alphabetically...  ;-)

--
   -bts
   -Friends don't let friends drive Windows

Site Timeline