Mozilla Firefox flaw exploited on Nobel Prize website

Emil


Malicious hackers are exploiting a newly discovered vulnerability in Mozilla Firefox to launch drive-by download attacks, according to security software company Norman. The exploit, first discovered as being implemented on the Nobel Prize website, works on Firefox 3.5 and 3.6.

Firefox users who visited the website were silently infected with Belmoo, a Windows Trojan that gives the attacker complete control of the machine. Once successfully installed, the malware creates an executable in the \Windows\temp directory and sets it to run on startup via the registry. It also attempts to connect to two Internet addresses, both of which point to a server in Taiwan, through which someone can control the system.

Mozilla has acknowledged the problem and is investigating it further. "We have diagnosed the issue and are currently developing a fix, which will be pushed out to Firefox users as soon as the fix has been properly tested," the company stated. "The trojan was initially reported as live on the Nobel Peace Prize site, and that specific site is now being blocked by Firefox's built-in malware protection. However, the exploit code could still be live on other websites." In the interim, Firefox users have two workarounds available to them: disable JavaScript and/or use NoScript.

Permalink to story.
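
The story says Belmoo drops an executable in \Windows\temp and registers it to run at startup through the registry. As an added example (not from the article, Norman or Mozilla), this Python code parses `reg query` output and flags autostart entries that reference a temp directory; the article does not name the key, so the standard Run keys are assumed, and the sample output, value names and `%TEMP%` expansion are constructed.

```python
import re

# Constructed `reg query` output for the two Run keys (sample data, not from the article).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Updater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /background
    Loader    REG_SZ    rundll32.exe C:/WINDOWS/Temp/example.dll,Start

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    svc32    REG_SZ    C:\WINDOWS\Temp\example-dropper.exe
    helper    REG_EXPAND_SZ    "%TEMP%\helper.exe" -q
"""

# Assumed expansions for a default install and a user named "user".
ENV = {"windir": r"C:\Windows", "systemroot": r"C:\Windows",
       "temp": r"C:\Users\user\AppData\Local\Temp",
       "tmp": r"C:\Users\user\AppData\Local\Temp"}
TEMP_DIRS = ("c:\\windows\\temp\\", "c:\\users\\user\\appdata\\local\\temp\\")

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^ {4}(.+?) {4}(REG_\w+) {4}(.*)$")


def normalize(command):
    """Expand %VAR% references, then unify slashes and case for comparison."""
    expanded = re.sub(r"%(\w+)%",
                      lambda m: ENV.get(m.group(1).lower(), m.group(0)), command)
    return expanded.replace("/", "\\").lower()


def temp_autoruns(reg_output):
    """Return (key, value name, command) for Run entries that reference a temp dir."""
    hits, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key and m.group(2) in ("REG_SZ", "REG_EXPAND_SZ"):
            name, _, command = m.groups()
            # Substring match also catches temp paths passed as arguments (rundll32).
            if any(d in normalize(command) for d in TEMP_DIRS):
                hits.append((key, name, command))
    return hits


if __name__ == "__main__":
    for key, name, command in temp_autoruns(SAMPLE):
        print(f"{key}\\{name} -> {command}")
```

On a live machine the input would be the saved output of `reg query` for each Run key, and a hit is a lead to investigate rather than proof of infection.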

 
I use NoScript and keep JavaScript disabled unless I have to use it. What I would really like is for Windows and Web browsers to block all servers from foreign domains (or specified top level domains) since a lot of these issues originate from non-US domains/networks.
 
Bugs are everywhere and hackers will always find them, and so far there is no fully effective solution for all these Trojans, viruses, etc...


JMMD said: What I would really like is for Windows and Web browsers to block all servers from foreign domains (or specified top level domains) since a lot of these issues originate from non-US domains/networks.

Looooool, that's the most weird solution I ever heard
 
Bugs are everywhere and hackers will always find them, and so far there is no fully effective solution for all these Trojans, viruses, etc...




Looooool, that's the most weird solution I ever heard

Really? Makes a lot of sense from a security standpoint. Let's say that 80% of malware being served on hacked websites is downloaded from a .ru, cn, pl, etc. domain/host.

Wouldn't blocking all of those domains make sense? I have no need to ever access any top level domains from other countries. It's not going to stop everything but every bit helps.
 
JMMD said:

Really? Makes a lot of sense from a security standpoint. Let's say that 80% of malware being served on hacked websites is downloaded from a .ru, cn, pl, etc. domain/host.

Wouldn't blocking all of those domains make sense? I have no need to ever access any top level domains from other countries. It's not going to stop everything but every bit helps.

Maybe you "have no need to ever access" these sites, but many many many other people do need it.

Maybe instead the main Internet organizations should make some laws for local data centers in these countries.

But blocking them, nope, it will never solve the issue. They can easily get a .com domain or even .us and use it with such infected servers / web sites.
 
Wow, that's like putting a spotlight on a perfect storm.. don't do it! It's a trap! I'm not a troll but this is how I felt after reading this.
 
Some workarounds that are more than a quick fix and more universal in their prevention controls:
1) Use antivirus software. This could have identified the trojan during or right after the download.
2) Use software to stop apps from running. Some firewalls do this. With Windows, if User Account Control (UAC) is on, then UAC will prompt you. This could have stopped the trojan from changing the registry, connecting to a remote server...
3) Use a firewall to control network connections. There are firewalls that can be configured to only allow outgoing connections you want and block the ones you don't want. This could have stopped the trojan from connecting to a remote server. They can also do the same for inbound connections, which could stop the remote server from making your computer a slave.
4) And if the above is still not enough, use software that can block domains or IP addresses. This could have stopped outbound and inbound connections with a remote server.
 
Congratulations, while visiting a Nobel Prize website, you got hacked. Indeed, what a strange place to put a trojan in... But maybe that's the thing, the less expected it is, the higher the chance of catching people off guard, I suppose.
 
Well, I am unsure, but just now there is a FF update to version 3.6.12; maybe that has fixed it? I hope someone will confirm it.
 
Would have been nice for Techspot to tell us what those IPs are if they knew. Then I'd just block them from my router and even if I was infected they would not be able to gain control because I'd have the server blocked. I think if information like that was published people could better protect themselves.
 
JMMD said:
I use NoScript and keep JavaScript disabled unless I have to use it. What I would really like is for Windows and Web browsers to block all servers from foreign domains (or specified top level domains) since a lot of these issues originate from non-US domains/networks.

Ha, someone might actually get offended by that comment! :)

And really, many people rely on foreign and top level solutions. I know loads of people who use Tokelau-aliases for their websites. And Niue-servers to host them. To put it frankly, I'm offended by this comment. However I understand how you think, and it's perfectly fine wanting to increase one's security.

But a solution like this would simply not work. Especially not if everyone started using Windows and browsers which block foreign content. Multimillions of dollars will be lost if the world-wide-web stopped being world-wide. Foreign people would stop learning things from YouTube, foreign people would not be able to chat with friends on Skype, MSN or Facebook, foreign people would cease developing. And no good can come of this, you know...
 
Lokalaskurar said:
JMMD said:
I use NoScript and keep JavaScript disabled unless I have to use it. What I would really like is for Windows and Web browsers to block all servers from foreign domains (or specified top level domains) since a lot of these issues originate from non-US domains/networks.

Ha, someone might actually get offended by that comment! :)

And really, many people rely on foreign and top level solutions. I know loads of people who use Tokelau-aliases for their websites. And Niue-servers to host them. To put it frankly, I'm offended by this comment. However I understand how you think, and it's perfectly fine wanting to increase one's security.

But a solution like this would simply not work. Especially not if everyone started using Windows and browsers which block foreign content. Multimillions of dollars will be lost if the world-wide-web stopped being world-wide. Foreign people would stop learning things from YouTube, foreign people would not be able to chat with friends on Skype, MSN or Facebook, foreign people would cease developing. And no good can come of this, you know...

If you do want to block TLDs (top-level domains), install DNSKong:

http://accs-net.com/hosts/DNSKong.html

This will allow you to enter .ru, for example, and any DNS lookup for any .ru website will get directed to your internal loopback address, meaning it will go nowhere!

In case anyone wanted to know if it was possible....
 
Guest said:
Some workarounds that are more than a quick fix and more universal in their prevention controls:
1) Use antivirus software. This could have identified the trojan during or right after the download.
2) Use software to stop apps from running. Some firewalls do this. With Windows, if User Account Control (UAC) is on, then UAC will prompt you. This could have stopped the trojan from changing the registry, connecting to a remote server...
3) Use a firewall to control network connections. There are firewalls that can be configured to only allow outgoing connections you want and block the ones you don't want. This could have stopped the trojan from connecting to a remote server. They can also do the same for inbound connections, which could stop the remote server from making your computer a slave.
4) And if the above is still not enough, use software that can block domains or IP addresses. This could have stopped outbound and inbound connections with a remote server.

& five) clean out your Temp/folders, oh I mean CCleaner your temp/folders
 
Seeing a trend? Google with their password hacking, Trojan affecting Mac and Win7, then this? We gotta be careful, we're being watched!
 
This Q is always in my mind. Why do hackers, crackers always go one step ahead of developers? Do the developers want that, maybe they want work to do?
 
Archean said:
Well, I am unsure, but just now there is a FF update to version 3.6.12; may be that has fixed it? I hope someone will confirm it.
I still cannot get this to install yet, i.e. download-download-download-download - then - "error on install due to firefox running in another window"......yes it's "autodownloading" -wtf...??
 