Trojan Modifies Firefox to Store Passwords; Infiltrates Protected Storage Area

6

Comments

+ Add a Comment
avatar

AndrewBrandt

Hi Pulkit. I just wanted to correct one part of the reporting in the lede of your story. The malware reported in the blog post does not use passwords harvested from Firefox to create the local "Maestro" machine account. It steals saved passwords, and it also creates a user account, but the stolen passwords are not used to create the account.

In response to the poster below, Internet Explorer was just as affected by this malware as was Firefox. The Trojan harvests passwords from the Protected Storage area as well as modifies a number of registry settings affecting IE's security zones.

The bottom line is, once the malware is running on a victim's machine, all bets are off, and Firefox (with the NoScript plug-in installed) presents a far less vulnerable attack profile.

-=A

avatar

max.reader

Every browser you add creates another attack vector to your system. Microsoft's IE8 works great and IE9 looks promising.

Why add additional "doors" to your system when they just give the bad guys another way to break in?

Perception is reality.

avatar

tugboat_2

This is a great article but it would be nice to point out how it's currently being transmitted and whether or not it can at least be detected and quarantined. All be it the file will still have to be replaced.

 

Edit: I forgot to add; that it would be pointless to reinstall the browser unloess you know how it got on there wouldn't it?

avatar

Nimrod

i bet this guy gets spammed with friend requests every day now

avatar

Keith E. Whisman

If MS Security Essentials can't fix it then I'm not going to pay another dime for MSE. MSE I want my money back that I didn't pay.

avatar

Jelson

that's funny, just had to say that.

Log in to MaximumPC directly or log in using Facebook

Forgot your username or password?
Click here for help.

Login with Facebook
Log in using Facebook to share comments and articles easily with your Facebook feed.