Trojan Horse Mozilla Firefox Extension

mozillaZine posted an article/warning on Thursday, July 27th, regarding a Trojan Horse Mozilla Firefox extension. The Trojan Horse, dubbed FormSpy by McAfee and Troj/FireSpy-A by Sophos, is installed by a piece of Windows malware known as Downloader-AXM, which is used to download and install various Trojan Horses. For Firefox users, it downloads and silently installs (bypassing the installation warning) a modified version of the Numbered Links 0.9 extension. While Numbered Links 0.9 is a legitimate extension, the Trojan version will capture banking info along with passwords entered in Firefox, as well as those for ICQ, IMAP, FTP and POP3, and send them to a remote computer.

So, you ask, how does this happen, and how does Downloader-AXM get onto a user's computer? The process is quite simple and yet avoidable. Downloader-AXM is an e-mail attachment contained in an e-mail claiming to be an order confirmation from WalMart.com. When users open the attachment, Downloader-AXM is installed, and it then scans the computer for software it can exploit. It is also known to take advantage of a 3-year-old exploit in IE. When you are running Firefox, FormSpy will install the modified Numbered Links 0.9 extension.

To check for infection, simply review your extensions list via the Tools menu and Extensions (note: FF 2.0 users select Add-Ons). If Numbered Links is in the list and you did NOT install this extension previously, chances are your computer is infected. Take a look at McAfee's virus profile of FormSpy for more information.
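The same check can be scripted across a profile. This is an added example, not code from the original article or from Mozilla; it assumes the Firefox 1.5/2.0-era profile layout in which each extension sits in `extensions/<id>/install.rdf`, and the function names and placeholder IDs are hypothetical. A name match only tells you what to review: the legitimate and modified Numbered Links share the same name, so the deciding question is still whether you installed it.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

EM = "{http://www.mozilla.org/2004/em-rdf#}"
RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"
WATCH_NAME = "numbered links"  # extension name from the article, lower-cased
SAMPLE = """<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>%s</em:id><em:name>%s</em:name><em:version>%s</em:version>
  </Description>
</RDF>"""

def read_manifest(path):
    """Return (id, name, version) from an install.rdf, or None if unreadable."""
    try:
        root = ET.parse(path).getroot()
    except (ET.ParseError, OSError):
        return None
    for desc in root.iter(RDF + "Description"):
        if (desc.get(RDF + "about") or desc.get("about")) != "urn:mozilla:install-manifest":
            continue
        # Values appear either as child elements or as em: attributes.
        return tuple((desc.findtext(EM + k) or desc.get(EM + k, "")).strip()
                     for k in ("id", "name", "version"))
    return None

def audit_profile(profile_dir, approved_ids=()):
    """List a profile's extensions; flag watched names the user did not approve."""
    ext_root = os.path.join(profile_dir, "extensions")
    findings = []
    for entry in sorted(os.listdir(ext_root)) if os.path.isdir(ext_root) else []:
        info = read_manifest(os.path.join(ext_root, entry, "install.rdf"))
        if info:
            suspect = WATCH_NAME in info[1].lower() and info[0] not in approved_ids
            findings.append(info + (suspect,))
    return findings

def build_sample_profile():
    """Create a throwaway profile with two constructed extensions (placeholder IDs)."""
    profile = tempfile.mkdtemp()
    for ext_id, name, ver in [("placeholder-a@example.invalid", "Numbered Links", "0.9"),
                              ("placeholder-b@example.invalid", "Sample Helper", "1.2")]:
        ext_dir = os.path.join(profile, "extensions", ext_id)
        os.makedirs(ext_dir)
        with open(os.path.join(ext_dir, "install.rdf"), "w") as fh:
            fh.write(SAMPLE % (ext_id, name, ver))
    return profile
```

Pass the IDs of extensions you know you installed as `approved_ids`; anything still flagged is what to look at in the Extensions window.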

A couple of things to keep in mind: McAfee has declared FormSpy a low-risk virus. Further, the only way FormSpy is going to get on your machine is if you open the e-mail attachment from the bogus WalMart.com e-mail. Most users know better than to open e-mail attachments, and most anti-virus programs scan incoming e-mail attachments.

2 Comments on Trojan Horse Mozilla Firefox Extension

  1. Blogs, news and more! | January 10, 2007 at 6:48 PM |

    very nice blog!mary

  2. Good post, I actually came upon it on accident. You can actually make money now for good articles. At SayItAloud you can write good articles like you already have, but you can get better exposure and earn some decent money in the process. No matter what you decide I bookmarked your page. You can check out my site by clicking on my name. Good luck and I look forward to your future postings.
