On GameSpot: Black Wii Remote, Nunchuk hit US Nov. 16
BNET Business Network:
BNET
TechRepublic
ZDNet

September 1st, 2009

Firefox add-on spies on Google usage, search results

Posted by Ryan Naraine @ 10:54 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Firefox, Google, Java, Locally Running Web Servers, Malware, Mozilla, Open source, Passwords, Patch Watch

Tags: Google Inc., Mozilla Firefox, Malware, Google Search, Web Browser, Search Result, Web Browsers, Internet, Ryan Naraine

Security researchers have intercepted a fake Flash Player update creating a Firefox add-on that spies on a target user’s Google search results.

The malicious Firefox extension, called “Adobe Flash Player 0.2,” injects ads into the user’s Google search results pages and even has the capability to monitor the user’s browsing activities, particularly Google search queries using the Firefox browser.

It then sends the information it gathers to a hacker-controlled server.

Trend Micro has a detailed description of this piece of malware and some insight into why this could become a bigger problem for people migrating towards Firefox in search of better browser security:

We have seen a lot of malware target Internet Explorer in the past. This is probably one of the reasons why a huge number of users are opting to use alternative browsers such as Firefox, Chrome, Safari, and Opera instead. Though this used to be considered a safe computing practice before, it seems it no longer is with the proliferation of malware targeting the most popular alternative Internet browser — Firefox.

Users should be wary, as always, of downloading updates from unknown sources. They should also note that no browser is safe from malicious attacks as cybercriminals will do just about anything to infect users with their malicious code.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 14 Talkback(s)
Yes! The "L" word!
One thing is consistent with ZDNet blogs- Linux fanatics will usually endeavor to get in their two cents in as soon as possible, regardless of blog subject matter. Can't find a driver? Linux does it b... (Read the rest)
Posted by: kknpz Posted on: 09/07/09 You are currently: a Guest | | Terms of Use
The malicious Firefox extension  gertruded | 09/01/09
And we know this is a Windows-only extension?  Michael Kelly | 09/01/09
HUGE difference...  mgp3 | 09/01/09
Right. It doesn't matter that you shot a guy  John Zern | 09/01/09
Yes! The "L" word!  kknpz | 09/07/09
At least  Michael Kelly | 09/01/09
The weak link is always idiots who click on everything  BillDem | 09/01/09
True, but  Michael Kelly | 09/01/09
I'm confused...  cabdriverjim | 09/01/09
Excatly the same as Internet explorer  jdbukis@... | 09/02/09
Don't get too confused. Its simple.  Cayble | 09/03/09
RE: Firefox add-on spies on Google usage, search results  bedekk@... | 09/02/09
Mis-stated headline  Greenknight_z | 09/03/09
re:add ons  matchstich | 09/04/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Essential Topics Click Here

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

Enterprise Applications

  • Check out some of the easiest and most powerful ways to boost productivity while saving money on your application infrastructure. See ZDNet's comprehensive Enterprise Application resource center, now!
  • New Online Dashboard
  • Read about top issues IT decision-makers face every day, plus get cost effective solutions to real life IT problems. Oracle Topline