HomeCommunitySecurity Blog

Security Blog

 

Trojan-PWS-Nslog Hijacks Firefox and Automatically Feeds Your Passwords to Hackers

Posted By Pete at 3:35 PM, October 12, 2010

I think they may have been onto something when it was reported last year that Firefox was the browser with the most vulnerabilities. We've commented that the open source nature of Firefox could make it a bit more susceptible to exploits. Well, here's one that will make you think twice before logging into your online bank account with Firefox.

The folks at Webroot have discovered (it's a really nice read btw, which will give you good insight on how malware such as this operates) a new Trojan (Trojan-PWS-Nslog) that conveniences the user by making Firefox "skip" the step where it prompts the user whether or not they'd like to save their password. The user-entered password is then automatically saved and stolen. After that, the hacker makes off with the user's login and sells it to anyone willing to pay or uses it to do who-knows-what.

If you feel you've been a victim of said Trojan, run a scan with your updated AV software and reinstall Firefox. That said, in this particular instance it is very easy for users to unwittingly expose their passwords. It just shows again how important it is to protect your network/PCs with layers of defense (and even more importantly how more robust software code is needed throughout the industry but more on that in the future).

Posted by: Pete at 3:35 PM
Categories: General , Malware

No TrackBacks

TrackBack URL: http://prosecure.netgear.com/cgi-bin/mt/mt-tb.cgi/109

Comments