[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] FFSpy, a firefox malware PoC
- To: FUDder Guy <fudderguy@xxxxxxxxx>
- Subject: Re: [Full-disclosure] FFSpy, a firefox malware PoC
- From: Fosforo <fosforo@xxxxxxxxx>
- Date: Mon, 25 May 2009 20:39:34 -0300
Are we missing DNS stuff ? Are plugins signed ? is NoScript being used by
end users ?
Maybe an evilgrade plugin is comming....
[]s Fosforo
On Mon, May 25, 2009 at 3:24 PM, FUDder Guy <fudderguy@xxxxxxxxx> wrote:
> On Mon, May 25, 2009 at 8:26 PM, saphex <saphex@xxxxxxxxx> wrote:
> > This isn't about making the user install a malware add-on. It's about
> > gaining access to the system trough an exploit, or physical access,
> > modify an existing add-on with your code. And Firefox wont even
> > notice. Instead of installing a fancy rootkit or keylogger, just go
> > straight to the browser, simple. Go tell your average user to check
> > the codebase of the plug-ins he has installed in is Firefox from time
> > to time in order to make sure they haven't been tampered with, yeah
> > good choice...........
> >
>
> I agree that attacking Firefox is a simpler way to carry out the
> attack than installing rootkit or keylogger. However, this is no
> simpler than asking someone to download a cool game, script of
> screensaver from my site.
>
> Moreover, only addons.mozilla.org and update.mozilla.org are set as
> allowed sites for addon installations by default in the browser. If
> one tries to install addons from other site, Firefox issues a warning.
> So, this is pretty good. As far as the possibility of malicious addon
> on Mozilla site is concerened, the probability is pretty low as the
> addons on the Mozilla site appear for download only after a review
> process.
>
> So, I don't see this type of attack particularly more dangerous than a
> user downloading a software or script with trojan and running it. I
> also don't see this type of attack any simpler than fooling a user to
> run a cool game or script.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/