Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: FFSpy, a firefox malware PoC
From: FUDder Guy <fudderguy () gmail com>
Date: Mon, 25 May 2009 23:54:55 +0530

On Mon, May 25, 2009 at 8:26 PM, saphex <saphex () gmail com> wrote:
This isn't about making the user install a malware add-on. It's about
gaining access to the system trough an exploit, or physical access,
modify an existing add-on with your code. And Firefox wont even
notice. Instead of installing a fancy rootkit or keylogger, just go
straight to the browser, simple. Go tell your average user to check
the codebase of the plug-ins he has installed in is Firefox from time
to time in order to make sure they haven't been tampered with, yeah
good choice...........


I agree that attacking Firefox is a simpler way to carry out the
attack than installing rootkit or keylogger. However, this is no
simpler than asking someone to download a cool game, script of
screensaver from my site.

Moreover, only addons.mozilla.org and update.mozilla.org are set as
allowed sites for addon installations by default in the browser. If
one tries to install addons from other site, Firefox issues a warning.
So, this is pretty good. As far as the possibility of malicious addon
on Mozilla site is concerened, the probability is pretty low as the
addons on the Mozilla site appear for download only after a review
process.

So, I don't see this type of attack particularly more dangerous than a
user downloading a software or script with trojan and running it. I
also don't see this type of attack any simpler than fooling a user to
run a cool game or script.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault