A crappy thing happened last week – someone wrote some malware that infects Firefox. We obviously don’t like that very much at all, but I wanted to at least make it clear what is and isn’t happening, since there’s some confusion out there.
What is going on?
Basically for as long as there has been software, there have been nasty people out there who get you to download and install software which turns out to have hidden cargo. Security folks use names like “virus,” “trojan,” “worm,” and “malware” to describe different types, but the point is that if a person can be tricked into running nasty programs, they can do nasty things.
In this case, rather than wiping your hard drive or turning all your icons upside down, this particular jerk has decided to mess with your Firefox. Once you run the program, it hooks into your Firefox and watches for you to visit certain sites, at which point it will steal your username and password.
How Can I Tell If I Have It?
You can open up your Firefox Add-ons manager (Tools->Add-ons) and go to the “Plugins” section. If you have a plugin called “Basic Example Plugin for Mozilla”, you should disable it.
Original credit to TrustDefender Labs’ blog post on the subject
Does This Mean that Firefox is Insecure?
No, and here’s why:
- This particular malware targets our program, but once you have malicious software running on your system, it can just as easily attack other programs, or harm your computer in other ways.
- This isn’t contracted by just browsing around the web with Firefox 3. In fact, the Malware Protection features in Firefox 3 are designed specifically to prevent sites from being able to attack your computer.
The people getting infected here are either downloading enticing files that have the malware hiding inside (which is why Firefox 3 hands off all downloads to your computer’s virus scanner once downloaded) or, as some sites are reporting, were already infected in the past and are having their computers forced to download this file as well.
Typical Firefox 3 users who avoid downloading software they don’t trust are unlikely to ever see this, and even the sites reporting it describe its incidence as “rare”.
What’s this I hear about Greasemonkey?
There are some mentions of Greasemonkey in a couple of the early reports, based on some analysis of the code used by this malware, but I want to be clear that the (legitimate, and awesome) Greasemonkey add-on is not involved in this malware in any way. It is not involved in the installation or execution of the attack.
As always, the best defense is vigilance. Use a browser with a solid security record and modern anti-malware defenses built in, and be very careful about downloading and running programs you find online. If a bad guy is able to get you to run a program on your machine they will be able to do bad things, so we’ll keep trying to stop them and you keep trying to as well.
More details are also available on the official Mozilla security blog.