BitDefender Uncovers New Password Stealing Application

  • 12 Replies
  • 4594 Views
*

Offline mrrockford

  • Supervisory Sanitation Engineer
  • Bronze Member
  • 363
BitDefender Uncovers New Password Stealing Application
« on: December 05, 2008, 11:17:58 AM »
Howdy,

This is just great.

Quote
A password stealing application, disguised as a Firefox Plugin, filters sent login credentials

Quote
BitDefenderŪ announced that a new type of password - stealing application disguised as a Mozilla Firefox Plugin has been detected in the wild. The e-threat, Trojan.PWS.ChromeInject.A, is downloaded to a Mozilla Firefox Plugin folder and is executed each time the user opens Firefox.

Read more here.
We have enough youth... how about a fountain of smart?

"Anyone who considers protocol unimportant has never dealt with a cat."

L. Long


Speaking Geek

*

Offline Mister2

  • Global Moderator
  • Gold Member
  • 2385
Re: BitDefender Uncovers New Password Stealing Application
« Reply #1 on: December 05, 2008, 02:42:42 PM »
Any idea what the name of the 'plugin' might be?
Although I suppose a random name would fool most FF users. 
Never stop learning - visit the SpywareHammer Knowledgebase

*

Offline mrrockford

  • Supervisory Sanitation Engineer
  • Bronze Member
  • 363
Re: BitDefender Uncovers New Password Stealing Application
« Reply #2 on: December 05, 2008, 02:46:56 PM »
Howdy,

According to heise security, after the install it gives itself out as "Greasemonkey".
We have enough youth... how about a fountain of smart?

"Anyone who considers protocol unimportant has never dealt with a cat."

L. Long


Speaking Geek

*

Offline williamkidd

  • Bronze Member
  • 364
Re: BitDefender Uncovers New Password Stealing Application
« Reply #3 on: December 05, 2008, 03:12:30 PM »
I'm guessing that it's not on the official Mozilla site. Why would anyone want a plug-in that doesn't come from the official site?
Penny, everything is better with Bluetooth. - The Big Bang Theory

*

Offline mrrockford

  • Supervisory Sanitation Engineer
  • Bronze Member
  • 363
Re: BitDefender Uncovers New Password Stealing Application
« Reply #4 on: December 05, 2008, 03:27:55 PM »
Howdy,

Quote
Why would anyone want a plug-in that doesn't come from the official site?

Because it offers something that the official plug-ins or add-ons don't?  I do not know.  It is suggested that you only install signed stuff but it doesn't take much to fake that now-a-days.
We have enough youth... how about a fountain of smart?

"Anyone who considers protocol unimportant has never dealt with a cat."

L. Long


Speaking Geek

*

Offline williamkidd

  • Bronze Member
  • 364
Re: BitDefender Uncovers New Password Stealing Application
« Reply #5 on: December 05, 2008, 03:46:00 PM »
Must have been something that offered free money because I can't think of anything that's not available on the official site. Maybe the plugin is like that download from the Apple AppStore, the $1000 I Am Rich app.  :)
Penny, everything is better with Bluetooth. - The Big Bang Theory

*

Offline Mister2

  • Global Moderator
  • Gold Member
  • 2385
Re: BitDefender Uncovers New Password Stealing Application
« Reply #6 on: December 05, 2008, 11:24:32 PM »
Isn't ieview an independent extension?
Never stop learning - visit the SpywareHammer Knowledgebase

*

Offline williamkidd

  • Bronze Member
  • 364
Re: BitDefender Uncovers New Password Stealing Application
« Reply #7 on: December 06, 2008, 03:46:33 PM »
Isn't ieview an independent extension?
I believe that most of the FF plug-ins are independent, Mister2, due to the open-source concept. IE View is available on both the mozilla.org (the official FF site) and mozdev.org sites. Many of the developers that have their plug-ins listed on those two sites also have their own sites. (On a semi-related note, I use IETab rather than IE View and noticed that IETab is ranked higher on mozdev.org.)
Penny, everything is better with Bluetooth. - The Big Bang Theory

*

Offline Mister2

  • Global Moderator
  • Gold Member
  • 2385
Re: BitDefender Uncovers New Password Stealing Application
« Reply #8 on: December 07, 2008, 12:03:09 AM »
Quite correct.

I started from addons.mozilla.org and got no hits there when searching for 'IEView', hence why I thought it was not officially available from Mozilla.
I will check out IE Tab - thanks!
Never stop learning - visit the SpywareHammer Knowledgebase

*

Offline williamkidd

  • Bronze Member
  • 364
Re: BitDefender Uncovers New Password Stealing Application
« Reply #9 on: December 07, 2008, 09:23:01 AM »
Addons.mozilla.org is very picky when it comes to spacing. Searching for "IEView" and "IE View" returns different results, notice the latter has a space between IE and View. Searching for either of the following plug-ins requires the space between IE and the following word. Hope this helps.  :)

IE Tab: https://addons.mozilla.org/en-US/firefox/addon/1419

IE View: https://addons.mozilla.org/en-US/firefox/addon/35
Penny, everything is better with Bluetooth. - The Big Bang Theory

*

Offline Mister2

  • Global Moderator
  • Gold Member
  • 2385
Re: BitDefender Uncovers New Password Stealing Application
« Reply #10 on: December 07, 2008, 01:48:12 PM »
Thanks for that IE Tab link.  I usually find the extensions from Google if I know the name.

I installed it and it looks pretty useful - the tab opens quicker than the full IE window.
I have a couple of sites that insist on using IE so this will be a good choice for me.  :)
Never stop learning - visit the SpywareHammer Knowledgebase

*

Offline williamkidd

  • Bronze Member
  • 364
Re: BitDefender Uncovers New Password Stealing Application
« Reply #11 on: December 07, 2008, 07:56:25 PM »
You're welcome, Mister2. I'm glad that helped.  :)
Penny, everything is better with Bluetooth. - The Big Bang Theory

*

Offline AlphaCentauri

  • Anti - Phishing Staff
  • Bronze Member
  • 201
Re: BitDefender Uncovers New Password Stealing Application
« Reply #12 on: January 02, 2009, 05:14:01 PM »
One hint for searching sites that don't have very robust search functions (like wikis -- grrr) is to let Google do the search instead using the "site:" command.

So "site:addons.mozilla.org ie view"
and "site:addons.mozilla.org ieview"
both find it when pasted into a Google search (without the quotes).