Web browser extensions have been popular tools for a while now. However, as with almost anything technological, there is a dark side to this. Spyware and malware authors are busy creating malicious browser extensions and disguising them as legitimate. A trojan known as FormSpy targeting Mozilla Firefox has been spammed as an e-mail attachment that pretends to be from a legitimate source. When the attachment is opened, it installs a Mozilla Firefox extension known as “NumberedLinks 0.9.” Unlike the real NumberedLinks 0.9, which is an open-source Firefox extension that allows web navigation by unique numbers attached to web page links, this doppleganger instead silently downloads a suite of keylogger applications that spend their time looking for credit card numbers, PIN numbers, passwords, and other user data from web, ICQ, FTP, IMAP, and POP3 traffic. This information is then sent back to the spammer’s web site. Extensions aren’t the only things being spoofed. Users are being sent an email telling them to download the newest Google Toolbar. Upon clicking the link, the user is sent to a fake web page that looks exactly like the real Google Toolbar download site. However, the download link on this site is actually a trojan. 

As always, practicing skeptical computing is a must. If you see any new toolbar or browser extensions, make sure that you download it from the official web site, rather than from a link in an e-mail or instant message. Skeptical computing isn’t just a philosophy, it should be a way of life. 

Related Posts

This entry was posted on Tuesday, July 25th, 2006 at 9:52 pm and is filed under Trojan Horse Threats.