Malicious hackers are exploiting a newly discovered vulnerability in Mozilla Firefox to launch drive-by download attacks, according to security software company Norman. The exploit, first found in use on the Nobel Prize website, works on Firefox 3.5 and 3.6.

Firefox users who visited the website were silently infected with Belmoo, a Windows Trojan that gives the attacker complete control of the machine. Once installed, the malware creates an executable in the \Windows\temp directory and sets it to run on startup via the registry. It also attempts to connect to two Internet addresses, both of which point to a server in Taiwan, through which someone can control the system.
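
A defender can check a host for the persistence pattern described above by listing autorun entries whose program sits in \Windows\temp. The following is an added example, not part of the original article or of Norman's analysis: it parses the text output of `reg query` for the standard Run keys (an assumption, since the article does not name the registry key), and the sample entries, value names and the C:\Windows install path are all constructed.

```python
import ntpath
import re

# Constructed `reg query` output for the Run keys (not taken from an infected host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Agent    REG_EXPAND_SZ    %windir%\system32\agent.exe
    Sample Updater    REG_SZ    "C:\WINDOWS\Temp\example.exe" /s
    Tray Helper    REG_SZ    C:\Program Files\Vendor\tray.exe -min

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Sync    REG_EXPAND_SZ    %SystemRoot%\System32\..\Temp\sync.exe
"""

# reg.exe separates value name, type and data with four spaces.
VALUE_RE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")
ENV = {"%windir%": r"C:\Windows", "%systemroot%": r"C:\Windows"}  # assumed install path
TEMP_DIR = "c:\\windows\\temp\\"

def parse_reg_query(text):
    """Yield (key, value_name, data) from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            yield key, m["name"], m["data"]

def executable_path(command):
    """Return the normalised, lower-cased program path of an autorun command."""
    expanded = re.sub(r"%\w+%", lambda m: ENV.get(m.group().lower(), m.group()), command)
    if expanded.startswith('"'):
        path = expanded[1:].split('"', 1)[0]
    else:
        # Unquoted: cut after the first .exe so paths containing spaces survive.
        m = re.match(r"(.+?\.exe)\b", expanded, re.IGNORECASE)
        path = m.group(1) if m else expanded.split(" ", 1)[0]
    # normpath collapses "..", so a disguised path still resolves to the temp directory.
    return ntpath.normpath(path).lower()

def temp_autoruns(text):
    """List autorun entries whose program lives under \\Windows\\Temp."""
    return [(key, name, data) for key, name, data in parse_reg_query(text)
            if executable_path(data).startswith(TEMP_DIR)]

if __name__ == "__main__":
    for key, name, data in temp_autoruns(SAMPLE):
        print(f"{key}\\{name} -> {data}")
```

To use it on a host under review, save the output of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` and the HKCU equivalent, then pass that text to `temp_autoruns`.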

Mozilla has acknowledged the problem and is investigating it further. "We have diagnosed the issue and are currently developing a fix, which will be pushed out to Firefox users as soon as the fix has been properly tested," the company stated. "The trojan was initially reported as live on the Nobel Peace Prize site, and that specific site is now being blocked by Firefox's built-in malware protection. However, the exploit code could still be live on other websites." In the interim, Firefox users have two workarounds available to them: disable JavaScript and/or use NoScript.