Tuesday, December 9, 2008
You may have already heard of this, but there is malware going around disguised as a Firefox extension. I have no details regarding the malicious code but, to be honest, I am not surprised at all. In fact, I wonder why it took so long for the bad guys to figure out that Firefox is an excellent malware delivery platform. Usually they are quicker.
A couple of months back, just before my BlackHat talk, I was planning to launch yet another of my experiments. It was supposed to be part of my talk under the "4th generation malware" topic. My plan was to smuggle malicious code as a Firefox addon on addons.mozilla.org as proof that even benign-looking extensions can contain quite catastrophic backdoors. For obvious reasons I did not go with my plan, but the task still seems very much possible.
Even if Mozilla implements a more granular security model for Firefox extensions, in a similar fashion to what the Chrome developers are implementing now, it still won't be enough. The ugly truth is that most users will allow an extension to do whatever it wants as long as it does what it is asked to do.
The bottom line is that client-side technologies, and more specifically web technologies, are immensely complicated. They are ridiculously expressive and at the same time a nightmare to debug, and as such they make a perfect medium for smuggling malicious code. No FUD, just the ugly reality!