Spyware takes aim at Mozilla browsers

Security experts are advising that spyware that targets browsers from the Mozilla Foundation has been spotted--a threat that could worsen as its Firefox browser takes market share from Microsoft.

Stu Sjouwerman, the founder of Sunbelt Software, said on Tuesday that the anti-spyware company has discovered what it believes is the first spyware to take aim at surfers using Mozilla browsers.

Richard Stiennon, vice president of threat research at Webroot Software, which also develops anti-spyware tools, said that the malicious software does not target Firefox specifically.

"According to my research team, this site does not target Firefox, but it does target Mozilla," Stiennon said. "(It's) only a matter of time now until a Firefox spy is discovered."

Although the spyware is only installed if users agree to download a certain file, many users are likely to click through, as the download's dialogue box gives no indication of the file's malicious payload, Sjouwerman said.

"It's done in a way that people might not recognize as a normal install, and will work in Firefox," Sjouwerman said. "It's not a full-fledged spyware attack yet, but it definitely shows where it's going."

Experts believe that Mozilla-based browsers such as Firefox have become a greater target for spyware as their market share has rapidly increased over the last six months--from 2.4 percent in May to 7.4 percent in November, according to Web traffic measurement company OneStat.com. Firefox has said that it is aiming for 10 percent of Web surfers by the end of 2005.

Writers of viruses and spyware for browsers have typically concentrated on Internet Explorer, because of its near-total market dominance. But that could be changing now that Firefox is making gains at the expense of Microsoft's browser.

Sjouwerman said that "stealth spyware" targeted at Firefox is "bound to happen" as hackers are currently working hard trying to find security holes in the open-source browser. "There's a small army of rogue programmers that are tearing Firefox apart," he said.

But Graham Cluley, a senior technology consultant at security company Sophos, said he is not sure what type of spyware will target Firefox.

"It's hard to predict precisely what form spyware for Firefox may take, as it will depend in part on what security flaws may be found in the Firefox code in the future, and how quickly the community responds to patch those vulnerabilities," Cluley said.

David McGuinness, a Mozilla contributor, said Firefox protects PC users by displaying a yellow information bar if a site that is not Update.mozilla.org tries to automatically install code. But he warned that it will be more difficult to protect systems against a stealth install.

"It all boils down to user education. People can install applications with variable amounts of effort from all browsers. It's the stealth attacks that are the problem, where people get infected without running anything themselves," McGuinness said.

Ingrid Marson of ZDNet UK reported from London.

[hion2000]

There already is spyware for Firefox...

...but it requires social engineering to work.

Unlike Internet Explorer, there aren't any known security vulnerabilities that can cause spyware to be installed on your website simply by viewing a malicious webpage. As such, spyware can only be installed through Firefox using the XPI system.

Firefox automatically blocks any incoming links to an XPI (except for Mozilla's own site) and displays a very visible warning above the page you are viewing. If users really want to run the XPI file, they have to manually unblock the link, and try the link again. Even after that, Firefox will still ask you if you really do wish to install the XPI, and mentions that it could be damaging. In addition, there's a two second delay where the install button is disabled, to make sure that you read the warning message.

As such, spyware can only be installed by social engineering (and even then, should only happen to the more gullible users).

Good to hear

Although I wouldnt call it a hole or a flaw. If you were REALLY good at social engineering you could also theoretically get people to send you their IP Address, Username and Passwords for their computer...

Firefox 1.0 has vulnerability

Please note that there is sadly a weakness with Firefox 1.0 and it should not have been released without this corrected:

- Bookmarks can vanish suddenly - you need a technical experience to back your folders. The bookmarks that are there get jumbled in the folders.

I suffered because of this and lost nearly all the
bookmarks. Sadly there is not any assistance on the forums or ability of novice or technical possibility of getting these.

Email client, Thunderbird 1.0 has vulnerabilty also

Also Mozilla Foundation, that produced Firefox also has an email client, Thunderbird, competing with Outlook. This too sadly has a vulnerability.

- Your email messages, even if you delete them, will not get deleted, they are just invisible, this can be a problem later, I have read. You need to click Compact on the menus.

I tried Compacting but there is not a proper system, the Compact process message just does not turn off. There is not any way of telling has the Compacting being done or not.

There is not any help for novices if this happens.

[sanenazok]

Sorry to hear 'bout bookmarks

To back them up just do a search on your 'puter for bookmarks.htm. You might need to turn on searching for hidden files.

You can also read about backups here:
http://kb.mozillazine.org/Firefox_:_Tips_:_Backup
Or if you want a forum:
http://www.techzonez.com/forums/archive/index.php/t-12005.html