Computer Trojan Compels Firefox to Save Passwords
Researchers at the security firm Webroot have identified malware capable of stealing login credentials stored on the user's system by web browsers such as Internet Explorer and Firefox.
Andrew Brandt, a security researcher at Webroot, stated in a blog post that every time Firefox detected login details being submitted via a web form, the browser retained them for future use, as reported by Infosecurity on October 8, 2010.
Brandt further stated that his research team had found that the Trojan patches a file named nsLoginManagerPrompter.js, adding some lines of code that dictate whether Firefox prompts users to save passwords when they log into a safe website.
With the help of that login information, the Trojan also creates a new account named "Maestro" on the compromised system.
Brandt further stated that the Trojan then gathers information from the registry, from the Protected Storage area that Internet Explorer uses to save passwords, and from Firefox's own password storage. It then tries to pass the stolen information onward once per minute, as reported by Softpedia on October 7, 2010.
The password stealer also downloads and installs itself in the c:\windows\system32 folder as a file called Kernel.exe. The stolen data is sent to a command and control server through a deprecated ActiveX control called msinet.ocx.
The web domain intended to receive the stolen data has already been shut down. The malicious code within the malware exposed the author's name and e-mail address, which led Webroot to a Facebook page for a cybercriminal or hacker based in Karaj, Iran, who provides a free keylogger creator tool that targets users of Microsoft Windows.
Webroot says that to fix the modified Firefox file, users should download the most recent Firefox installer and install it over the existing installation, because no anti-virus software can restore the modified Firefox file.
Brandt concluded that users would not lose any add-ons or bookmarks in the process, as reported by Infosecurity on October 8, 2010.
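The three artifacts described above (the patched nsLoginManagerPrompter.js, Kernel.exe in the system32 folder, and the "Maestro" account) can be checked on a host with a short script. This is an added example, not code from Webroot or the original article; the function names are hypothetical, and it assumes a reference copy of nsLoginManagerPrompter.js taken from a fresh installer of the same Firefox version.

```python
import hashlib
import os
import re
import subprocess
import sys

def sha256_of(path):
    """Hash a file in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_file(root, name):
    """Every path under root whose file name equals name, ignoring case."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files if f.lower() == name.lower()]
    return sorted(hits)

def triage(firefox_dir, reference_js, system32_dir, net_user_output):
    """Return findings for the three artifacts named in the article."""
    findings = []
    known_good = sha256_of(reference_js)  # assumption: same Firefox version
    installed = find_file(firefox_dir, "nsLoginManagerPrompter.js")
    if not installed:
        findings.append("login prompter missing under " + firefox_dir)
    for path in installed:
        if sha256_of(path) != known_good:
            findings.append("modified login prompter: " + path)
    # Only the top level of system32; kernel32.dll and similar do not match.
    for name in sorted(os.listdir(system32_dir)):
        if name.lower() == "kernel.exe":
            findings.append("dropped executable: " + os.path.join(system32_dir, name))
    # `net user` lists account names in whitespace-separated columns.
    if re.search(r"(?<!\S)Maestro(?!\S)", net_user_output, re.IGNORECASE):
        findings.append("local account present: Maestro")
    return findings

if __name__ == "__main__":
    # Usage: triage.py <firefox install dir> <reference nsLoginManagerPrompter.js>
    users = subprocess.run(["net", "user"], capture_output=True, text=True).stdout
    for finding in triage(sys.argv[1], sys.argv[2], r"C:\Windows\System32", users):
        print(finding)
```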
» SPAMfighter News - 14-10-2010