A new Firefox Trojan virus is reported to affect users of older versions of Windows, the security firm Trend Micro has stated.
In both versions of Firefox 3.5 and others, according to the Mozilla, zero day flaws causes a drive by download whereby a malicious file is downloaded and run without the users knowledge, it was first discovered on the official website for the Nobel peace prize, it was compromised by a malicious PHP script called, JS_NINDYAA, Trend Micro found.
The Trojan can be downloaded through a back door onto user systems, detected by trend micro as BKDR_NINDYAA, it then connects to a remote malicious server which can be used by cyber criminals to send various commands to the affected system including deleting all files and shutting it down.
But what’s unusual about the exploit, however is that for some reason or another the cyber criminals behind this attack has chosen to limit the scope of the exposed, Trend Micro said that Using browser headers can exploit checks both the Firefox versions and the operating system used.
Exactly, only recent versions of Firefox 3.6 are targeted by JS_NINDYAA, Exploit is not triggered, nevertheless when the user is running newer versions of Windows, including Vista and Windows 7 server 2008 and server 2008 R2, the latest Firefox 4 beta versions has confirmed to be safe from the exploit as well.
Linux as an alternative
The flaw has been deactivated on the Nobel peace prize site but there’s no telling at this point where else it may lurk and how many users may have been affected, Now Mozilla hard at work creating a patch but in the meantime, it recommends that users can deactivated Java script or use the no script plug in, instructions for disabling Java script are offered in Mozilla’s support section.
Researchers of Bit defender have discovered a new type of malicious software that collects passwords for banking websites but it targets only Firefox users.
This malware, which Bit defender dubbed Trojan, sits in Firefox add ons folder, this malware runs when Firefox is started.
The malware uses Java script to identify about 100 financial and money transfer web sites including Barclays, Bank of America and paypal along with twenty four or so Italian and Spanish banks, when it recognizes a site, it will collect all logins and passwords and forwarding that information to a server in Russia.
You can use Safe mode option, safe mode is a special Firefox execution mode that can be used to troubleshooting issues in Firefox, in safe mode you can reset some settings or disable add-ons that might be the source of the issue, by comparing Firefox behavior in normal mode to its behavior in safe mode with different items disabled you may be able to diagnose issues.