also @ TechSpot: OCZ Vertex 450 Review

Malicious FireFox extension seeks to steal private data

By Justin Mann

On July 26, 2006, 5:36 PM

FireFox users beware, a rogue extension dubbed “FormSpy” is out to steal private information. Disguising itself as the very legitimate NumberLinks extension, the malware will actively look for passwords and private information like credit card numbers, as well as monitoring things like FTP and email traffic for private data. Primarily, a user gets infected by this extension through a piece of 3rd party software called Downloader-AXM. While that particular piece of software only affects Windows users, the fact that malicious extensions exist goes to show that ultimately, no matter how much security a system has, the user still has to make up their mind as to what they allow on their machines. You can read McAfee's security response here.

No tags on this story

4 comments

User Comments: 4

Got something to say? Post a comment
  1. July 26, 2006 6:01 PM
    DragonMaster said:
    Hopefully, NumberLinks doesn't look as something that is used by a lot of people. (Doesn't seem very useful)Just hoping Mozilla will do something about this -> Make extensions harder to install. They should include this before FFX2 is released.
    Reply
  2. July 27, 2006 2:18 AM
    ThomasNews said:
    Making extensions harder to install for the End User isn't really the solution. The user needs to be more aware of what they are installing & not just blindly clicking Yes to prompts. The only thing I could imagine they would/could do is to valid an extension has been downloaded from Mozilla's secure extension sites/or some Extension whitelist.
    Reply
  3. July 27, 2006 8:57 AM
    spike said:
    I suppose there could be some kind of encrypted signing system, where extentions have to be approved and signed by the Moz/FF community, and firefox will only accept extentions with that signing. It's not the best solution ideologically perhaps, but it works (for now, until the signing were to get cracked).
    Reply
  4. July 27, 2006 10:27 PM
    DragonMaster said:
    The only thing is that an automated script can easily install a new extension just by copying files in the Mozilla folder w/o anyone noticing.
    Reply

Recently commented stories

Post a new comment

Social Login & Guest Posting TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.
TechSpot on:

Most Popular

Trending Featured
More Trending Topics

Featured on Routers

Downloads and Drivers

Downloads   Drivers  

KiTTY 0.62.2.3

mIRC 7.32

Actual Bookmarks 1.2

World of Warcraft Patch 5.3.0

Funny Photo Maker 2.4.1

More Downloads

Latest Discussion

GT610 VG card problem 5 replies on Audio and Video

How did my Windows key become disabled? 19 replies on Other Hardware

Fast download speed, low browsing/streaming speed 7 replies on Storage and Networking

USB drive or flash problems? How to cleanup and remove old USB storage drivers 61 replies on Guides and Tutorials

How to identify your webcam (and then find its driver) 387 replies on Device Drivers

More Recent Discussion

Subscribe to TechSpot

Get free exclusive content, learn about new features and breaking tech news.