Members
  • Total Members: 12816
  • Latest: t114563
Stats
  • Total Posts: 28524
  • Total Topics: 8240
  • Online Today: 993
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: New Firefox Trojan Steal Passwords (Maestro, Trojan-PWS-Nslog)  (Read 6329 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


A Firefox Trojan has been found to force the Internet browser to save user passwords and then use those passwords to create a new user account on the infected computer.

Most security  researchers recommend that users tell Firefox not to remember their passwords, since saved ones are so easily extracted by malware.

The Trojan-PWS-Nslog malware discovered by security company Webroot, however, gets around user preferences altogether by actually deactivating the Firefox code that asks if it should save those passwords when the user logs into a secure site.

"Before the infection, a default installation of Firefox 3.6.10 would prompt the user after the user clicks the Log In button on a Web page, asking whether he or she wants to save the password," Webroot researcher Andrew Brandt explained in a blog post on Wednesday. "After the infection, the browser simply saves all login credentials locally, and doesn't prompt the user": http://blog.webroot.com/2010/10/06/patchy-phisher-forces-firefox-to-forego-forgetting-passwords/

Specifically, the Trojan adds a few lines of code and "comments out" other portions of code from the Firefox file called nsLoginManagerPrompter.js, with the result that all passwords get saved locally without any input from the user.

Clues Left Behind

With that information, the Trojan creates a new account under the name "Maestro" on the infected computer. It then "scrapes information from the registry, from the so-called Protected Storage area used by IE to store passwords, and from Firefox's own password storage, and tries to pass the stolen information onward, once per minute," Brandt added.

The Web domain intended to receive the stolen data has already been shut down, but code inside the malware revealed the author's name and email address, which led Webroot to a Facebook page for a hacker based in Iran who provides a free keylogger creator tool targeting users of Microsoft Windows.

Webroot can easily identify and remove the Trojan from infected machines, it says. To fix the modified Firefox file, users should download the latest Firefox installer and install it over the existing installation. No bookmarks or add-ons will be lost in the process, Brandt said.

How to Make Firefox Forget

Mozilla's Firefox ranks second in global browser market share, according to Net Applications, with 23 percent of the browser market in September: http://marketshare.hitslink.com/browser-market-share.aspx?qprid=0
The first beta release of Firefox 4 for Android phones just debuted this week.

By default, Firefox does remember passwords. To tell it not to, go to the Tools menu and select Options. From there, open the Security tab and uncheck the appropriate box, Webroot advises.

(PCW)

Samker's Computer Forum - SCforum.info





haz

  • SCF Advanced Member
  • ***
  • Posts: 117
  • KARMA: 26
  • Gender: Male
Re: New Firefox Trojan Steal Passwords (Maestro, Trojan-PWS-Nslog)
« Reply #1 on: 10. October 2010., 07:29:28 »
Quote
The Web domain intended to receive the stolen data has already been shut down, but code inside the malware revealed the author's name and email address, which led Webroot to a Facebook page for a hacker based in Iran who provides a free keylogger creator tool targeting users of Microsoft Windows.
Intelligent enough to make such a thing, stupid enough to leave his name & email in the code.. that is some thing !
Thanks for the news Samker, I think I wont save any passwords again.

cybero2912

  • SCF Newbie
  • *
  • Posts: 7
  • KARMA: 2
Re: New Firefox Trojan Steal Passwords (Maestro, Trojan-PWS-Nslog)
« Reply #2 on: 10. October 2010., 11:01:04 »
who takes care about security should never enabling pw saving feature in any webbrowser !!!

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: New Firefox Trojan Steal Passwords (Maestro, Trojan-PWS-Nslog)
« Reply #3 on: 10. October 2010., 15:25:30 »

... I think I wont save any passwords again.
 



who takes care about security should never enabling pw saving feature in any webbrowser !!!



Exactly, like me... ;)


AllSecurityUp

  • SCF Member
  • **
  • Posts: 39
  • KARMA: 10
    • Free Virus Spyware Adware Registry Scan
Re: New Firefox Trojan Steal Passwords (Maestro, Trojan-PWS-Nslog)
« Reply #4 on: 10. October 2010., 17:25:21 »
I'd just like to add that I think storing Credit Card details, or similar, in such a way is also not advisable.
Think before you think you'll do something.
Easy PC Security Tips

amitraina

  • SCF Member
  • **
  • Posts: 86
  • KARMA: 14
Re: New Firefox Trojan Steal Passwords (Maestro, Trojan-PWS-Nslog)
« Reply #5 on: 21. October 2010., 05:36:28 »
thnsk for the inf

krrjhn

  • SCF Advanced Member
  • ***
  • Posts: 213
  • KARMA: -5
Re: New Firefox Trojan Steal Passwords (Maestro, Trojan-PWS-Nslog)
« Reply #6 on: 18. January 2011., 12:44:57 »
I like your post !!

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising