digg

Facebook Connect Join Digg About
See the original image at arstechnica.com

New trojan targets Firefox, masquerades as Greasemonkey

arstechnica.com Historically, malware attacks that target a single browser are aimed at Internet Explorer, but at least one badware author has decided to go after a smaller market. Say hello to the first Trojan specifically designed to ensnare Firefox users and those curious about Greasemonkey.

Who dugg this? Made popular Dec 6, 2008

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

76 Comments

show profanity settings
expand all
  • sruffelman, on 12/05/2008, -3/+73It was only a matter of time. Hopefully if we publicize this enough, fewer users will fall for it before Mozilla has a chance to block it.
  • MakiMaki, on 12/05/2008, -0/+39And here's the full list of the banking institutions that the trojan targets. This wasn't mentioned in the article:

    http://www.bitdefender.com/VIRUS-1000451-en--Troja ...

    Basically, be careful of the greasemonkey scripts you install (only trust reputable sources/people) and you'll be fine. I think using a real-time virus scanner like Avast (free) would help a lot too.

  • gotjpeg, on 12/06/2008, -0/+29my library card? those bastards!
  • TheWindBlows, on 12/05/2008, -6/+33"searching your hard drive for... ...your World of WarCraft account information, and your library card number. "
    WTF!!!? LULZ!

    Sounds like some serious nerdism going on here. Just messing we all love world of warcraft and to check out millions of books. RIGHT?
  • cday, on 12/06/2008, -9/+25Hmmm, Firefox is a cross-platform browser. Yet the article mentions things like ActiveX and updating Anti-virus suites...soooo, could it be this trojan, masquerading as a greasemonkey plugin, only works on Firefox installed on Windows systems? Ya think? How come no one ever mentions this fact? After all, Windows isn't the only operating system in the world, it just gets all the attention because it's got so many problems.

    BTW, don't forget to patch your Windows machines next Tuesday.

    (See there? Us Linux users can be every bit as smug and annoying as Mac people. Don'tcha just hate it? :o)
  • twiztidsinz, on 12/06/2008, -2/+15Anyone got a link for "2 Girls 1 Cup 2 Fast 2 Furious"?
  • watcht, on 12/06/2008, -0/+12so this is what happens when you have one too many tabs opened in digg.
  • fatas, on 12/06/2008, -7/+16It only affects Windows lusers
  • watcht, on 12/06/2008, -0/+8It's a pretty awesome little extension for firefox which runs scripts to add on features to your browser experience whether it be adding more functionality to gmail's interface to saving youtube videos or copying ieem's streams into mp3s for some of the original scripts. The features are infinite with this little extension.
  • mrBitch, on 12/06/2008, -0/+8While you may have posted in a "smug and annoying" way, at least your content is factually correct. This particular trojan only works under Windows.
  • JasonHaley, on 12/06/2008, -1/+8RTFA... Actually, not even that.. read the ***** TITLE!

  • tehchicken, on 12/06/2008, -1/+8Wow, very subtle advertising...
  • Pookatooka, on 12/06/2008, -0/+6I probably sound dumb, but what's Greasemonkey?
  • benologist, on 12/06/2008, -2/+7That approach has never helped anyone else.... only a select group of people actually use the kind of sites that publish that kind of information, the rest just use the software.
  • akula89, on 12/06/2008, -0/+5unfortunately, because it's such a powerful addon it exposes Firefox to security vulnerabilities if the user isn't especially careful with which greasemonkey scripts they install
  • bryceman111, on 12/06/2008, -0/+5Oh, no, the smug, it's coming! Run! GET INSIDE!
  • angrykeyboarder, on 12/06/2008, -0/+5Yer best bet is to only install addons from addons.mozilla.org. In fact I will only install from there. If a developer doesn't link to AMO on thier website, I'll go to AMO on my own and search for their extension. If it's not there, then it's a no go.
  • JasonHaley, on 12/06/2008, -0/+5top
    kill brain
    q

    ...haha a linux joke that'll get buried for no doubt.
  • cday, on 12/06/2008, -0/+4@thefinger, don't be such an ass.
  • Hilyin, on 12/06/2008, -0/+4Is this cross platform, or just Windows?
  • Chjoma10, on 12/06/2008, -2/+6G-damn it.... greasemonkeys!!!!
  • neFariou5, on 12/06/2008, -0/+4You first.
  • StankInTheBank, on 12/06/2008, -0/+4Thanks for including in the article how to tell if you're infected! Because who could ever want to know that.
  • benologist, on 12/06/2008, -1/+5Enjoy getting your account banned and all your comments purged. :)
  • Rolcol, on 12/06/2008, -0/+3I'd actually like to install this in a VM with snapshots to look at the network traffic and what it changes on the hard drive. Anyone have a link?
  • Fergy, on 12/06/2008, -0/+3This is just a normal type of trojan that has been around forever. The trojan doesn't target Firefox it merely hides in it. You can't get it by surfing the internet with Firefox; only by installing the trojan. If you install greasemonkey from the official Mozilla repository you don't have the trojan or are vulnerable to it.

    This has been a horrible headline and short description.
    False "New trojan targets Firefox"
    True "masquerades as Greasemonkey"
    True "Historically, malware attacks that target a single browser are aimed at Internet Explorer" (because you would get it by surfing with IE)
    False "the first Trojan specifically designed to ensnare Firefox users and those curious about Greasemonkey" (it's designed to infect windows and hides in Firefox masquerading as Greasemonkey)
  • benologist, on 12/06/2008, -0/+3They took so long because the "Report it" links on comments doesn't really do anything.

    Report people using the contact form and they get deleted in minutes:
    http://digg.com/contact
  • frieddonuts, on 12/06/2008, -0/+3why the hell haven't they banned you yet?
  • akula89, on 12/06/2008, -1/+4I wouldn't say it hasn't helped ANYONE..
  • myadron, on 12/06/2008, -0/+3OK, bye.
  • MakiMaki, on 12/06/2008, -0/+3Haha I hear ya. I was really surprised when I got that message for the first time (had my audio way up). :)
  • watcht, on 12/06/2008, -0/+2Hmm seems like the script kiddies may have found a new playground.
  • ch40sBr1ng3r, on 12/06/2008, -1/+3This is downright dirty and kind of insulting actually.
  • TheGuruStud, on 12/06/2008, -0/+2noscript FTMFW (along with nod32, outpost firewall and spybot)
  • sinalmighty, on 12/06/2008, -0/+2with over 8mil people playing it i highly doubt one little virus is gonna stop it, plus whats wrong with WoW? i guess ur girlfriend left you for a pally...
  • inactive, on 12/06/2008, -0/+2This article sounds like free publicity for BitDefender. Everybody panic!!! But wait we are not quite sure what you should panic about yet. Oh, but don't forget to buy this incredible antivirus product, you'll find out more details what to panic about.
  • arjie, on 12/06/2008, -0/+2I had to scroll all the way down here to see a comment like this. To install an extension from anywhere but the mozilla repository you have to jump through hoops that warn you repeatedly.

    I hate how so many developers just host their extensions on their own site and ask you to ignore the warnings. That and it's annoying how they don't sign their extensions.
  • imitokay, on 12/06/2008, -2/+4god I love avast,

    clearly, some would argue it's not the best

    but I'll refer you to this quote- "Your virus database has been updated"

    it talks at me!
  • bonez56, on 12/06/2008, -1/+3I see what you did there
  • frieddonuts, on 12/06/2008, -0/+2haha I didn't reply to you did I?
  • jamesmcm, on 12/06/2008, -0/+2Just Windows, basically it uses a bug in firefox to execute it's own binary (windows) code.
  • mrBitch, on 12/10/2008, -0/+1@ Cglass RE: " Probably because the author wanted to have more than six or seven people to target. "

    Your sad attempts to lash out in stupid anger can't quite hide the fact that the REAL reason this Trojan runs so well under Windows is because Windows is STILL such a badly designed and easily exploited OS.
  • thefinger, on 12/06/2008, -2/+3Do you mean the trojan or greasemonkey?
  • thefinger, on 12/06/2008, -1/+2not really
  • natenovs, on 12/06/2008, -1/+2but it could executive code for mac or linux, because the exploit is in firefox - not the os. your confusing "exploit" and "payload" here. the exploit is cross-platform, but currently, the payload isnt.
  • Cglass, on 12/06/2008, -3/+4Probably because the author wanted to have more than six or seven people to target.
  • XeroXenith, on 12/06/2008, -1/+2WoW *is* a virus.
  • jamesmcm, on 12/06/2008, -3/+4Don't worry, it only affects the Windows version of Firefox.
  • hulkamaniaz, on 12/06/2008, -1/+2Get the word out!
  • JasonHaley, on 12/06/2008, -1/+2I dunno, I'm as lazy as you when it comes to reading articles and even other people's comments.. So I guess you'll just have to wait until we're infected to find out the answer!

    READING SUCKS!!!1
  • Fetching more discussions...
    Show 51 - 77 of 77 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.