Two Malware Items Attacking Firefox

Firefox has long been receiving praises because of its enhanced security systems compared to other browsers, including Internet Explorer. However, with the findings of Webroot, the picture appears to be changing now.

The Threat Blog of Webroot reports that Firefox users can land into trouble because of two pieces of badware that have been freshly discovered and could launch attacks against the browser.

Andrew Brandt, Threat Research Analyst at Webroot, wrote in his blog that the first badware item behaves like DNSChanger, an ordinary threat for DNS hijacking, but works in a different way. Instead of compromising registry entries to change DNS, the new badware pushes a DLL component into the C:\Program Files\Mozilla Firefox\components directory, thereby getting it executed within the browser.

Brandt writes that previously, DNSChanger was designed to boost the number of fraudulent advertising associates and to divert unwitting users to fake anti-malware sites through spurious results. Now one has to wait to see if the new variant would also spread as widely as the old version, as reported by eWEEK SECURITY WATCH on March 30, 2009.

Nevertheless, similar to DNSChanger, the new malware also seizes specific operations such as search requests to subsequently divert users to a Ukrainian server previously used by DNSChanger.

The other attack that the researchers highlighted is an adware that installs itself only with Firefox 3.x or subsequent versions. When the agreement describing the 'terms of service' is clicked, it allows the adware to install on a user's computer. It is called Foxicle something that produces pop-up ads.

Hence, users unfortunately are forced to see some undesirable ads when they use the browser.

Meanwhile, Brandt argues that the attacks in both instances represent a new set of Firefox malware that are so advanced that security experts would find them hard to crack.

Moreover, the early malware entries for Firefox could signal other IE players that they need to adopt cross-platform techniques. These techniques were used to market IE malware but they are used to sell malware for Firefox, leading to the growth in malware industry.

Related article: THE SPAM MAFIA

» SPAMfighter News - 4/7/2009