Posts Categorized: Firefox


Two Days in Vegas: Black Hat in Brief

by

The Black Hat briefings, held Wednesday and Thursday this week, once again brought together some of the best and brightest in the security industry to share knowledge about novel attacks and better defenses against old and new attacks. And, once again, there were some eye opening moments at the conference. Right from the beginning, it was clear the scope of the conference had shifted from the previous year. Conference founder Jeff Moss described a new, more rigorous committee-driven process that Black Hat had begun to employ to scrutinize and vet talk proposals. Talks this year would be more technical, go […]

Continue Reading »

Five Summer Travel Security Tips

by

Ah, summer. Beaches, drinks with little umbrellas, 4th of July fireworks, baseball games, reading long cheesy novels in a lounge chair, teleconferencing with colleagues from your hotel room in Aruba. Wait, what? Yes, it’s true. It takes serious discipline to travel without schlepping along a laptop, smartphone, digital camera, MP3 player, portable hard drive, SD cards, and a host of support equipment. Well, it does for me, anyway. Along with those devices come pitfalls, from loss to data theft. So, in the spirit of safe summer travel, in advance of the big 4th of July travel weekend, what follows are […]

Continue Reading »

Shorty Worm Spams Links, Hijacks Browsers

by

A novel worm we’re calling Worm-IM-Shorty appears to be winding its way through Facebook and some instant messaging services, with its come-on disguised as a link to a photograph hosted elsewhere. But when recipients click the link, they receive an executable Trojan instead, dressed up with the name and icon of a JPEG image. If one double-clicks the file, the Trojan turns the computer into an advertising cash cow for some enterprising malware distributor. The Trojan modifies the active browser’s home page setting to a malicious page on domredi.com, which in turn redirects the browser, at random, to one of […]

Continue Reading »

10 Threats from 2010 We’d Prefer Remain History

by

With 2010 finally behind us, and an unknown number of cyberattacks likely to come in the new year, I thought I’d run down a brief list of the malicious campaigns criminals pulled off last year that I’d really dread to see anyone repeat. Now that they’re in the past, they should stay there. Operation Aurora: Google’s accusation (with Adobe, Juniper Networks, Rackspace, Yahoo! and Symantec) that China hacked its servers, allegedly stealing private emails stored on the company’s servers. The big surprise wasn’t that it was happening, but that companies were publicly talking about it. Abused ccTLDs: 2010 saw lots […]

Continue Reading »

Fake Firefox Update is a Social Engineering Triple Fail

by

Where’s the work ethic, malware geniuses? If this latest example of shenanigans is the best you can deliver, you’re not even trying to generate convincing scams — or even something that makes sense — anymore. One of our Threat Research Analysts pointed me to a Web page hosting a fake update program for Firefox the other day, and the only thing it was useful for was a pretty good laugh. In replicating the Firefox “you’re now running…” page, the malware distributor managed only to build something that looks remarkably similar to a more sophisticated, and ultimately more plausible, scam we […]

Continue Reading »

Search Hijacker Adds Files to Firefox Profile

by

In September, I posted an item about a dropper which we call Trojan-Dropper-Headshot. This malware delivers everything including the kitchen sink when it infects your system. It has an absolute ton of payloads, any of which on their own constitute a serious problem. All together, they’re a nightmare. Among the payloads, we’ve seen this monstrosity drop downloaders (Trojan-Agent-TDSS and Trojan-Downloader-Ncahp, aka Bubnix), adware (Virtumonde, Street-Ads, and Sky-banners), keyloggers (Zbot and LDpinch), clickfraud Trojans (Trojan-Clicker-Vesloruki and at least three other generic clickers), and a Rogue AV called Antivir Solution Pro. So this is one nasty beast that has no qualms about using […]

Continue Reading »

Patchy Phisher Forces Firefox to Forego Forgetting Passwords

by

Every browser can, at the user’s discretion, be set up to remember passwords. In general, Webroot advises most users not to set the browser to store login credentials, because they’re so easily extracted by password-stealing Trojans like Zbot. In Firefox, for example, you can click Tools, Options, then open the Security tab, and uncheck a box that tells the browser to remember passwords entered into Web forms. (The box is checked by default.) But in the course of taking a more thorough look at a Trojan that came to our attention in July, we were surprised to see the Trojan […]

Continue Reading »

Five Reasons You Should Always “Stop. Think. Connect.”

by

Today’s the official kickoff for National Cyber Security Awareness Month, and the organizations supporting the event, including the National Cyber Security Alliance, the Anti-Phishing Working Group, and dozens of corporate citizens including Webroot, want you to protect your computer and your personal information. So they’ve come up with a three word campaign slogan they hope will become conventional wisdom for every Internet user: Stop. Think. Connect. Think of it as the 21st century equivalent of looking both ways before crossing the street. In my case, they’re preaching to the choir. For years, I’ve advocated that people treat everything they see […]

Continue Reading »

Blackhat SEO of Google Images Links to Rogue AV

by

Yesterday, a few of the Threat Research folks and I had a little fun playing with a hack that had, for one day at least, pretty much decimated Google’s Image Search feature. One researcher, who stumbled into the attack purely by chance, found that a Google Images link to a map of the United States was, instead, redirecting hapless Web surfers to pages that deliver an installer of a rogue antivirus in the Security Tool family of fine, fraudulent products. What really caught our interest was how the hack behaved, depending on the operating system and browser you used. With […]

Continue Reading »