What is Digg?78 Comments
- mrtrick, on 10/12/2007, -1/+39"The FormSpy Trojan attacks computers that have already been infected with the Downloader-AXM Trojan..."
Moral of the story is to not let your computer get infected with malware in the first place. - omaryak, on 10/12/2007, -7/+43"Mo' users mo' problems," while cute, is inaccurate. Not only will Firefox always remain more secure because it is not integrated with the OS and uses the open source model, this technically isn't a Firefox problem. If you read the security advisory, the trojan is installed as a Firefox extension via an old flaw in Internet Explorer, so you have to be using Internet Explorer for the extension to be installed. The only problem for Firefox here is figuring out how to protect itself from IE flaws, something it hasn't had to do up until this point.
- 5thfreedom, on 10/12/2007, -5/+41Moral of the story: Don't install firefox extensions unless you know what they are first.
- KnightMareInc, on 10/12/2007, -2/+28"The FormSpy Trojan attacks computers that have already been infected with the Downloader-AXM Trojan"
so you're already ***** anyway, a firefox extension is the less of your worries at that point. - gronne, on 10/12/2007, -48/+74It was just a matter of time. Mo' users mo' problems.
- mooninite, on 10/12/2007, -3/+25Inaccurate. This makes it sound like Firefox is vulnerable when it is not. You have to *ALREADY* be infected by a *WINDOWS* vulnerability to even begin to see a problem.
This is grasping at straws here. Anything could be infected at that point, not just Firefox. - Eldoo77, on 10/12/2007, -17/+39Time for NoScript!
- strudlez, on 10/12/2007, -1/+15"Websites were found to be linking to the FormSpy website hosted at IP address 81.95.xx.xx and installing FormSpy using an old VBS/Psyme exploit targeting Internet Explorer. These websites are believed to have been penetrated and modified by hackers. VBS/Psyme can be detected proactively in Internet Explorer (IE) with VirusScan ScriptScan (VSE8.0i feature) enabled; whilst FormSpy can be detected proactively using the latest DATs and engine.
This is a detection for a malware that was discovered in the wild on July 24, 2005 (PST). Its installer was proactively detected as New Malware.ag (now Downloader-AXM).
It is installed as a Mozilla/Firefox component extension and will forward data submitted in the web browser to a malicious website."
Is it just me, or does the McAfee report say that it uses an IE security flaw to install a firefox extension? - tratch, on 10/12/2007, -18/+31I'm going to quote you because your comment is accurate, but for some reason it's buried.
"It was just a matter of time. Mo' users mo' problems." - inactive, on 10/12/2007, -1/+13As it had been said already. You can only be affected by this "vulnerability" after already being infected by a specific Windows virus.
So yeah... windows only - KnightMareInc, on 10/12/2007, -1/+12Is manually throwing my computer out the window a security flaw in firefox?
- Zero456, on 10/12/2007, -11/+21No, you shut up, because you apparently neither read the article, or the above comments. This has nothing to do with Firefox being "perfect" or "flawless": In order to actually "get" the extension, you have to already have a virus on your computer. Go back to preschool and learn some grammar skills while your at it.
- wicketr, on 10/12/2007, -5/+14Couldn't this be said for ActiveX as well??
What's the difference between malware ActiveX and malware FF Extension? This is not a retorical question. Does anyone know how they differ? Meaning, does ActiveX get greater access to the file system as opposed to extensions, or do extensions also have access to the file system? - furst, on 10/12/2007, -10/+19Why are people modding this down? NoScript is a good way to go about this.
http://www.noscript.net/whats - gildude, on 10/12/2007, -3/+12That's true; I agree. Also it would be nice if the ones that are real and all would be signed. I've never found one that I use to be signed (adblock+, filterset.g, and noscript) as far as I can remember none of them are signed. It would be nice if they were though.
- Kuipo, on 10/12/2007, -2/+9@Genma
That's not exactly true either since you have to actually USE IE before you get infected. Simply never use IE and you won't get the Trojan Extension. To say that FireFox has a legitimate security exploit because you got a virus from another program is like saying a bank has a security exploit in it's security system because a another bank is giving out keys to the first bank's safe.
You're only getting a virus in FireFox because your machine is already infested. - omaryak, on 10/12/2007, -1/+8I'm tired of hearing about "security flaws" that result from a user deliberately installing something he shouldn't. One "flaw" in Mac OS X similarly required a user to download something, unzip it and enter his system password before it would install. These aren't flaws; these are called "you can't fix stupid."
- CupBeEmpty, on 10/12/2007, -0/+6Good lord you would have to be an awful person to get this
- AugustZephyr, on 10/12/2007, -3/+9Obviously Firefox is not the source of this vulnerability. Long Live the Fox!
- joemawlma, on 10/12/2007, -10/+15@Zero456
"Go back to preschool and learn some grammar skills while your at it."
While I can agree with you on the fact that inferno needs to STFU, you may want to actually spell "YOU'RE" correctly before criticizing someone's grammar skills. - bdmbdm, on 10/12/2007, -1/+6@wicketr
I believe that would make the dumb user the vulnerability. ;) - bigdaddyk, on 10/12/2007, -0/+5::sigh:: I guess since nobody else did, I have to be the first to mention that "Trojan" and "piggyback" should not appear together in anymore headlines.
- WaterDragon, on 10/12/2007, -1/+5Hmmmm....and Macafee already identified it.
Why am I not in the least bit worried?
Oh...I guess it is because I have Kaspersky AV.
Case Closed! heh heh - omaryak, on 10/12/2007, -1/+5If I remember correctly Firefox had an infobar for installing plugins and extensions before IE released IE6 SP2. But you are correct; since I switched away from Internet Explorer, and later Windows, I haven't been able to experience MS's latest attempts to batten down the hatches on its browser.
- shakin, on 10/12/2007, -3/+7"I'm sure you could manually install the Extension, which would make it a vulnerability."
Maybe. After you click the link, see the yellow warning bar, click the options button, manually add the host to your white list, click 'ok', click the malware link again, wait for the timeout, then click 'install'. Plus, it still can be uninstalled by removing the extension, unlike every other kind of malware that can hide its presence.
This isn't like the IE exploits that could install onto your computer after you clicked 'ok' on a single dialog box. This thing takes a lot of work to install! - omaryak, on 10/12/2007, -0/+4My mistake. I reread the security advisory and it comes from clicking on a link to a malicious Web site. Apparently the link installs the Firefox extension using an Internet Explorer exploit (something that took time to wrap my mind around). So apparently IE's security is so bad that it can affect other programs installed on a Windows machine. But I do see now how this is a Firefox flaw: surely Firefox can be reprogrammed not to allow installation of extensions without user intervention, even on an infected machine. Am I right?
- fatdog789, on 10/12/2007, -0/+4You guys aren't getting the implication here.
The important part ISN'T that FF is the source of the infection, because it's not.
The important part is that the trojan installs ANOTHER TROJAN in FF, which virus scanners may or may not be able to detect. Which means it suddenly has access to all your passwords, cookies, url history, etc.
Why is this a big deal? Because virus scanners may not detect it; it's JS, and that's not usually scanned. That means it could stick around after you've "cleaned" the system and reinstall other trojans. Furthermore, it may ask users to update it and provide an innocent description of itself. Most people would be none the wiser if they didn't watch their extensions like a hawk (ie, the people most likely to be infected anyways). - omaryak, on 10/12/2007, -3/+7ActiveX is worse because it can be installed through a popup dialog box which most people ignore. You have to download an extension to be able to install it.
- spenceman01, on 10/12/2007, -2/+6"I've never found one that I use to be signed"
They are few and far between, but the Google Toolbar extension is signed: http://www.google.com/tools/firefox/toolbar/index.html - omaryak, on 10/12/2007, -0/+3FF will always be more secure because it is not integrated with the OS, and the open source model allows flaws to be found and fixed faster.
- xr56n44, on 10/12/2007, -1/+4as usual, cnet writes a crap story with vague language, no details, and inacurate to boot.
- wvdavis, on 10/12/2007, -0/+3@ Escamillo β βin order to install an ActiveX control, one must jump through hoops with the info bar (a concept FF stole from IE)β.
Firefox does not use ActiveX or VB Scripting for that matter. Therefore Firefox could not have stolen this concept from IE, because IE still uses it. - drag, on 10/12/2007, -1/+4What it realy goes to show is that security is a proccess, not something that can be handed to you by a application.
As you probably already know the reason this happenned is because the operating system (windows) that firefox is running on is vunerable to a number of attacks. Once the machine is taken care of by the attacker they can do anything to any apps housed on this machine.
In other words... No matter how strong you build a house (In this case firefox) it cannot stand if the foundation is crap. (In this case Windows) - fatas, on 10/12/2007, -0/+2Morons like this should sacked from Cnet.
Mommy can I be a reporter. - OBKenobi, on 10/12/2007, -4/+6Using Windows is a security flaw in Firefox.
- omaryak, on 10/12/2007, -0/+2My mistake was believing that you had to download the extension for it to install (see my comment above). But in general, when you have to go through several dialog boxes and in effect say to the computer "Yes, I want this," before something becomes a security flaw, I don't think it deserves to be called one.
- Bladerunnerx, on 10/12/2007, -0/+2Read
http://forums.mozillazine.org/viewtopic.php?t=443368 - Hurricane, on 10/12/2007, -0/+2Am I wrong or doesnt Firefox warn you that an extension is tryin to be installed, and even counts down like 10 seconds to allow you time to cancel it, and you still have to OK ANY extensions before they install?
Seems like resources to help stop this were built in before there was such a thing. - Escamillo, on 10/12/2007, -4/+6"ActiveX is worse because it can be installed through a popup dialog box which most people ignore. You have to download an extension to be able to install it."
------------
This hasn't been true for a long time now, since XP SP2. Now, in order to install an ActiveX control, one must jump through hoops with the info bar (a concept FF stole from IE). It's not possible to "ignore" the infobar like you could with popup dlgs. - inactive, on 10/12/2007, -1/+3Moral of the story, is rtfa they didnt install and extension
and fire fox has a warning box unlike most others.. you cant click on install for several seconds..
there is none of this"reaction clicking" you actually have to stop and see what is going on. - omaryak, on 10/12/2007, -2/+3That's why people shouldn't install extensions they don't know the source of in the first place.
- inactive, on 10/12/2007, -2/+3@omaryak: "I'm tired of hearing about "security flaws" that result from a user deliberately installing something he shouldn't."
This is the way 99% of the viruses use to infect your machine. So yes, it's a security flaw indeed. - 5thfreedom, on 10/12/2007, -0/+1I've read the article several times and nowhere does it say that the extension is installed without any input from the user. If this is the case then I would have appreciated more clarity from the author of the article. It is my experience that FF warns the user before it installs any extensions. This experience is the basis of my first comment.
- inactive, on 10/12/2007, -1/+2Yall should read the article before coming down on firefox
It is more proof of concept than working virus
Plus it isnt an extension you download... it is an extension a trojan installs
Just wait until opera gets more popular.
I use opera as well as firefox, but i like firefox too much..
and yeah i have read on how to make opera do what firefox does, but it is a far bigger pain making opera do whatmy firefox does than just using firefox. - omaryak, on 10/12/2007, -1/+2OS integration... a claim so baseless Microsoft used it before the DOJ to win the antitrust suit against it.
- omaryak, on 10/12/2007, -0/+1No, installing extensions is as close to idiot-proof as it gets, with several gates to go through to get them installed. The reason this one gets by is because the machine is already infected and Firefox gets attacked from the outside.
- Thors1982, on 10/12/2007, -1/+2hehe, I used firefox for about 2 years and now im using opera
I think there are problems with all 3 browsers.... IE has the most now obviously ... but IE7 will help. In fact I aw a few features I want. Also, im excited about Firefox 2. :-) I am sure i will be changing again.
I am not refering to Firefox's problems being this article either... I have other issues with it. Still its a great browser. But im using opera 9 now :-)
im 100% sure ill get dugg down, becuase i mentioned IE7 and opera, lol - Hurricane, on 10/12/2007, -0/+1ONLY use Firefox extensions that are cleared with the Mozilla site.
- Schrade, on 10/12/2007, -0/+1NoScript is indeed good but is irrelevant to this particular instance. You can only get infected by using IE, IETab, or physically running an executable that will copy the extension to your Firefox extensions folder.
- ziadoz, on 10/12/2007, -1/+1This was always coming and just like IE6 (with SP2) only the user can decide whether or not they get infected.
-
Show 51 - 78 of 78 discussions
Check out the new & improved 
© Digg Inc. 2009
— Content created and posted by Digg users is