Experimenting with new extensions is part of what makes Firefox great, but if you downloaded either the "Sothink Web Video Downloader", or "Master Filer", you probably snagged a nasty Trojan for your troubles. According to an entry on the Mozilla Blog both these extensions contain code which exploit vulnerabilities in all versions of Windows, and were downloaded close to 5,000 times before being spotted.
The extensions in question were contained in the "experimental" area of the official Firefox add-on site, and while it might seem like little consolation for anyone who got infected, users grabbing extensions from this section are warned before download that this could happen. Mozilla employs a special add-on scanner which supposedly checks all new entries for malicious code, but they were forced to acknowledge that the security process failed. "[Add-ons] performs a malware check on all add-ons uploaded to the site, and blocks add-ons that are detected as such," said yesterday's blog posting. "This scanning tool failed to detect the Trojan."
Mac and Linux users who downloaded these add-on's are unaffected, but anyone who used the extensions in Windows are being warned by Mozilla to delete all traces of the infected file, and run a virus scan. Mozilla is promising to boost the number of times it scans files for malware in the future, and will also step up how often it scans its entire catalog of add-on's.
Does this hurt your trust in Firefox extensions? Or was this bound to happen eventually?
Outlook users beware, According to Red Condor, an email filtering company, bogus Outlook alerts are making the rounds in an attempt to spread banking Trojans, which are used by hackers to access online accounts.
Red Condor said potential victims receive a personalized email message that appears to come from a tech support rep. Adding to the scam's effectiveness, the emails appear to come from the same domain as the target.
The security firm claims to have blocked over a million of these types of messages, which would indicate a botnet is at work and that the hackers are playing a numbers game.
As if there weren't already enough infected websites floating around in cyberspace, security researchers are warning of a new mass injection attack that has already compromised more than 130,000 Internet destinations since the attacks first began in late November.
Researchers say the nasty code is a rogue IFrame being used to exploit visitors and inject their PCs with a banking trojan.
"The injected IFrame loads the first stage of malicious content from 318x.com. A series of IFrames and code redirections (invisible to the user) then ensues, culminating in a rather curious methoed for managing the final payload," explains mary Landesman, serior security researcher at Web security company ScanSafe, now part of Cisco.
Landesman says the redirects are used to determine the potential victim's web browser, Flash Player version, and other details. Using that information, only exploits relevant to that person's setup are used.
If you've been worrying about computer security for awhile, you might remember when macro viruses in Microsoft Word and Excel files were at the top of the exploit list. These file formats, along with the omnipresent Adobe Reader PDF format, are once again among the biggest threat vectors being exploited by today's malware, according to a new report from the Microsoft Malware Protection Center. Fittingly, the full report and a condensed key findings version are available in either PDF or Microsoft's own XPS formats. These reports cover the July-December 2008 period.
Some key findings include:
Scareware (which Microsoft calls "rogue security software") is on the rise, including the latest versions of our old friend Antivirus XP.
A slight reduction in unique vulnerability disclosures from 2007, but the High (most serious) category was larger in the second half of 2008 than in the first half of the year or the second half of 2007.
Applications continue to be the biggest target (86.7%, with browsers at 8.8%, and operating systems at only 4.5%)
Online scammers have contrived an ingenuous way to ride Obama’s rampant wave of popularity. According to Websense Security Labs, certain unscrupulous elements have registered several accounts on my.barackobama.com, the social network on Obama’s website that affords all standard social networking features to users, including personal profiles, groups and blogs.
The charlatans created various accounts on the website and planted a hideous Youtube image with the message, “click here to see movie.” Users who click on the image mistaking it for a Youtube video are redirected instead to a website, which resembles Youtube, but appears to be fraught with pornographic content.
However, when a user proceeds to view one of the videos the website asks the user to download a missing video codec. In its stead is downloaded a Trojan. Further proof of Obama's widespread popularity.
Internet shenanigans are keeping abreast with the latest developments around the world and using it to their advantage. An email doing the rounds around the internet hoodwinks the recipient into believing that it is from CNN. The clandestine email ostensibly contains a link to a “graphic” video of the ongoing Israel-Hamas conflict. However, it leads to a fake website that contains a Trojan that betrays the user’s sensitive data, according to the RSA.
The author of the phishing attack has tried to make the website as plausible as possible. Upon visiting the link, the user is greeted with a message asking him to update his Adobe Flash Player. If the user lends his countenance to the download, a Trojan is downloaded instead of the latest version of Flash
I know it, you know it, almost everybody that reads Maximum PC knows it - but that doesn't mean that your family, your co-workers, or your bosses know it. What's it? Simply this: Microsoft never - repeat never - sends out security updates via email.
The email, ironically enough, claims that "Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users." And, it's signed "Steve Lipner, Directory of Security Assurance, Microsoft Corp."
Well, at least the bad guys got Steve's name right. However, he's actually senior director of security engineering strategy in Microsoft’s Trustworthy Computing Group, according to a recent interview.
The message (minus the Trojan, of course), is available at the Microsoft Malware Protection Center blog, where you can see for yourself the classic hallmarks of a fake message: a shaky command of the English language, sentence construction that's so stiff it belongs on a Victorian-era calling card, and off-the-wall sentiments that show it was adapted from a different con job document: "We apologize for any inconvenience this back order may be causing you." Back order? Whaat? I didn't order any malware!
Already getting calls from frantic family, friends, or co-workers wondering why their PCs have slowed to a crawl or become infested by popups? Join us after the jump for solutions.
You've been told money can't buy you love, but for $1,300, you can buy a Trojan guaranteed to screw the recipient without them ever knowing it's there. Apparently not completely fool proof, security company Prevx discovered the supposedly undetectable super virus now known as Limbo 2 and reports that hackers are selling custom variations of the Trojan. If a variation gets detected, the Trojan can be tweaked to fly under the radar without changing its payload.
Once infected, Limbo 2 not only logs your keystrokes, but it will set a trap by generating spoofed information boxes when victims navigate to certain login pages. Keystrokes, credit card information, and any other personal data it manages to harvest from the hard drive then gets transmitted back to Botnet Central.
These types of Trojans aren't new, but it's Limbo 2's speed and customization that has security vendors concerned. On a broader scale, it's all part of a seedy underground economy driven by stolen data. It's become so prevalent that hackers have had to lower prices and look for new types of stolen data to sell for bigger profits, including health care information and corporate emails.
Script kiddies, move over. Now there's a toolkit that can turn any executable file into a worm, and it's so easy "even a caveman could do it." Find out what makes this new malware creation kit so scary, where it might have originated - and why.
The Register.co.uk website ('Biting the hand that feeds IT') isn't just an industry gadfly: concealed beneath its British-accented snark is a lot of useful news – including this report about a new malware-creation tool that's point-and-click easy.