Sunday, August 30, 2009

Click Fraud Malware Hides as Firefox Extension

Security researchers warn of a new piece of malware that functions as an extension for the Mozilla Firefox browser. The rogue add-on intercepts Google search queries and injects advertisements into the results.

The new attack has been reported by analysts from antivirus vendor Trend Micro and seems to be motivated by illegal monetary gain through an advertising scheme. The threat combines techniques previously employed by different families of malware.

For a start, it comes in the form of a Firefox extension, which is rather uncommon. A similar computer trojan running as a Firefox extension, which was used to monitor user sessions and capture online banking credentials for over 100 financial institutions, was discovered back in December 2008.

Dubbed Trojan.PWS.ChromeInject by BitDefender researchers, the malicious extension was being deployed without the users' consent by other malware already present on the infected computers. In comparison, this new Firefox threat, which Trend Micro calls TSPY_EBOD.A, is using social engineering to trick users into installing it.

The extension is being offered on various forums via JavaScript as an Adobe Flash Player update. Once installed, it appears in the Add-ons Management window under the Extensions tab as "Adobe Flash Player 0.2." It is worth noting that the real Flash Player add-on for Firefox is actually a plug-in, which is listed under the Plugins tab as "Shockwave Flash [version number]."
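The name mismatch described above can be checked mechanically. The following is an added example, not code from Trend Micro or from the original article: it flags any installed extension whose manifest claims a Flash Player name. It assumes unpacked extensions with legacy `install.rdf` manifests under the profile's `extensions/` directory, and the sample manifest and its id are constructed.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

EM = "{http://www.mozilla.org/2004/em-rdf#}"
RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"
# Flash Player ships as a plug-in, so an *extension* claiming the name is suspect.
PLUGIN_NAME = re.compile(r"flash\s+player|shockwave\s+flash", re.I)

def manifest_fields(rdf_data):
    """Return (id, name, version) from install.rdf content, or None if no manifest."""
    root = ET.fromstring(rdf_data)  # for hostile input, consider a hardened XML parser
    for desc in root.iter(RDF + "Description"):
        about = desc.get(RDF + "about") or desc.get("about")
        if about != "urn:mozilla:install-manifest":
            continue  # skips nested targetApplication descriptions
        def field(key):
            # Values may be em:key="..." attributes or <em:key> child elements.
            val = desc.get(EM + key)
            if val is None:
                val = desc.findtext(EM + key)
            return (val or "").strip()
        return field("id"), field("name"), field("version")
    return None

def impersonates_plugin(rdf_data):
    fields = manifest_fields(rdf_data)
    return bool(fields and PLUGIN_NAME.search(fields[1]))

def scan_profile(profile_dir):
    """Yield (path, name, version) for suspect unpacked extensions in a profile."""
    for rdf in sorted(Path(profile_dir).glob("extensions/*/install.rdf")):
        try:
            fields = manifest_fields(rdf.read_bytes())
        except ET.ParseError:
            continue  # malformed manifest; worth a manual look
        if fields and PLUGIN_NAME.search(fields[1]):
            yield str(rdf), fields[1], fields[2]

# Constructed sample manifest (the id is made up, not taken from the malware).
FAKE = """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>constructed-sample@example.invalid</em:id>
    <em:name>Adobe Flash Player</em:name>
    <em:version>0.2</em:version>
  </Description>
</RDF>"""
BENIGN = FAKE.replace("Adobe Flash Player", "Example Tab Tools")
```

A hit is a lead for manual review rather than a verdict, since the check only compares the declared name against what a plug-in would be called.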

This new piece of malware is actually a click fraud trojan, which injects ads into Google search-result pages. When these ads are clicked, the trojan's authors receive a small fee from the advertising network supplying them. Back in July, we reported on a similar trojan, which hijacked queries performed through the default search boxes in Internet Explorer and Firefox and routed them through a custom Google search widget.


See also Firefox Keylogger Plugin

1 comment:

casque bluetooth said...

I am very happy to appreciate you for your informative blog. I think the biggest threat on the Internet is malware that exists as an extension and performs its task. Thanks for making us aware of this malware.