Saturday, October 09, 2010

Firefox trojan sets up automatic password saving and keylogging without user's knowledge

Webroot and InfoSecurity are reporting a Trojan that can inject a keylogger and also cause Firefox to store passwords automatically without the user’s direction. On some computers, this could also cause passwords accessed through IE or Chrome to be compromised, too.

The InfoSecurity story is here.  Andrew Brandt, of the Denver security company, has a blog posting in which he says that Firefox will “forego forgetting passwords”, as here.

He recommends downloading the latest Firefox installer from here . It’s interesting that this trojan targeted Firefox first, since Firefox has been considered safer than IE.

Webroot tracked the virus hacker to Iran, and it is not clear that any use has been made of any stolen passwords. However, conceivably an enemy could use a device like this against an institution’s critical systems. It may be a good idea for home users with Firefox to run a scan against the latest definition file soon, before reloading Firefox.

No comments: