First Firefox Malware : Trojans using Firefox Add-on DisguiseRoll your mouse over topics to expand them... :)
Information On MalwareClick Here [ Hide Me / Collapse ]
( Trojan-Spy:W32/Banker.IVX, Win32/Inject.NBT trojan, Troj/Bancos-BEX, TR/Drop.Small.abw )
| Spreading: | very low |
|
| Damage: | very high |
| Size: | 22kB |
| Discovered: | 2008 Nov 28 |
Click Here [ Hide Me / Collapse ]
Presence of the:
"%ProgramFiles%\Mozilla Firefox\plugins\npbasic.dll"
"%ProgramFiles%\Mozilla Firefox\chrome\chrome\content\browser.js"
files in the Mozilla Firefox's plugins and chrome folders.
Click Here [ Hide Me / Collapse ]
It filters the URLs within the Mozilla Firefox browser and whenever encounter the following addresses opened in the Firefox browser it captures the login credentials.
akbank.com
caixasabadell.net
credem.it
areasegura.banif.es
banca.cajaen.es
openbank.es
poste.it
banesto.es
carnet.cajarioja.es
gruposantander.es
intelvia.cajamurcia.es
net.kutxa.net
bancopastor.es
bancamarch.es
caixamanlleu.es
elmonte.es
ibercajadirecto.com
bancopopular.es
bancogallego.es
bancajaproximaempresas.com
caixa*.es
caja*.es
ccm.es
bancoherrero.com
bankoa.es
bbvanetoffice.com
bgnetplus.com
bv-i.bancodevalencia.es
clavenet.net
fibancmediolanum.es
sabadellatlantico.com
arquia.es
banking.*.de
westpac.com.au
adelaidebank.com.au
pncs.com.au
nationet.com
online.hbs.net.au
www.qccu.com.au
boq.com.au
banksa.com
anz.com
suncorpmetway.com.au
quiubi.it
cariparma.it
bancaintesa.it
popso.it
fmbcc.bcc.it
secservizi.it
bancamediolanum.it
csebanking.it
fineco.it
gbw2.it
gruppocarige.it
in-biz.it
isideonline.it
iwbank.it
bancaeuro.it
bancagenerali.it
bcp.it
unibanking.it
uno-e.com
unipolbanca.it
carifvg.com
cariparo.it
carisbo.it
islamic-bank.com
banking.first-direct.com
natwestibanking.com
itibank.co.uk
co-operativebank.co.uk
lloydstsb.co.uk
mybankoffshore.alil.co.im
abbeynational.co.uk
mybusinessbank.co.uk
barclays.com
online.co.uk
my.if.com
anbusiness.com
hsbc.co
anbusiness.com
co-operativebankonline.co.uk
halifax-online.co.uk
ibank.cahoot.com
smile.co.uk
caterallenonline.co.uk
tdcanadatrust.com
schwab.com
wachovia.com
bankofamerica
kfhonline.com
wamu.com
wellsfargo.com
procreditbank.bg
chase.com
53.com
citizensbankonline.com
e-gold.com
paypal.com
usbank.com
suntrust.com
banquepopulaire.fr
onlinebanking.nationalcity.com
Click Here [ Hide Me / Collapse ]
Step1of2.
Close Your Firefox
Step2of2.
Install latest BitDefender (as they found it) and let it search and destroy the malware.
__________________________________________________
Bitdefender released information on this threat naming it as
Trojan.PWS.ChromeInject.A, which spawns with the execution of Firefox and poses as a Plug-in to it, mainly works on Key Banking... can get access to all your passwords entered in the Password boxes opened in Firefox Browser.
The
ChromeInject suffix refers to the Chrome component Firefox has. This malware infects your machine via drive-by download or download duping.
Once installed on the machine it
registers itself as a fake 'GreaseMonkey' (a great firefox add-on for website customization using javascripts), and using javascript checks your machine for mainly banking passwords of more than 100 sites (like PayPal, etc.).
All this sensitive data collected by it is then transferred online to a
server supposed to be located in Russia.
So, don't stop using Greasemonkey... but make sure you download it from
Mozilla.com, so that you don't fall pray to malware.
__________________________________________________
Posts
No comments:
Post a Comment