Malicious hackers are exploiting a newly discovered vulnerability in Mozilla Firefox to launch drive-by download attacks, according to security software company Norman. The exploit, first discovered as being implemented on the Nobel Prize website, works on Firefox 3.5 and 3.6.
Firefox users who visited the website were silently infected with Belmoo, a Windows Trojan that gives the attacker complete control of the machine. Once successfully installed, the malware creates an executable in the \Windows\temp directory and sets it to run on startup via the registry. It also attempts to connect to two Internet addresses, both which point to a server in Taiwan, through which someone can control the system.