Trojan cloaks itself as Firefox extension

Security vendor McAfee Inc. has detected a new piece of malicious software that masquerades as part of the Firefox Internet browser.

Security vendor McAfee has detected a new piece of malicious software that masquerades as part of the Firefox Internet browser.

McAfee calls the Trojan horse "FormSpy." Trojan horses are programs, often attached to spam e-mail, that appear innocuous but are harmful to a computer.

FormSpy is downloaded to a computer that is already infected with another Trojan horse called "Downloader-AXM," McAfee said. That Trojan was recently detected in e-mail spam messages.

Downloader-AXM contacts servers to download other malicious programs to a computer without a user's knowledge, according to McAfee. Once downloaded, FormSpy installs itself as a Firefox extension.

The program appears as "NumberedLinks 0.9" extension, McAfee said. The extension normally would allow a user to navigate links by numbers using the keyboard rather than a mouse.

Then, FormSpy can transmit information in a Web browser to another Web site, which could include credit card numbers, passwords and electronic banking pin numbers, according to McAfee. FormSpy can also steal e-mail, ICQ instant messaging service and FTP (file transfer protocol) passwords, it said.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about ICQMcAfee Australia

Show Comments