Firefox Spyware infects IE?

xtort · Mar 11, 2005

This is very interesting stuff. I dont doubt that with FF gaining in
market share, that we will see much more of this sort of stuff...

"What if there was an infection out there that could bypass Firefox and
still get its grubby little paws on IE, and from there, the heart of
your OS? What if that same infection could get past not only FF, but a
whole raft of other (supposedly more secure)"

http://www.vitalsecurity.org/2005/03/firefox-spyware-infects-ie.html

best,
xtort
[http://xtort.net]

me · Mar 11, 2005

This is very interesting stuff. I dont doubt that with FF
gaining in market share, that we will see much more of this
sort of stuff...

"What if there was an infection out there that could bypass
Firefox and still get its grubby little paws on IE, and
from there, the heart of your OS? What if that same
infection could get past not only FF, but a whole raft of
other (supposedly more secure)"

http://www.vitalsecurity.org/2005/03/firefox-spyware-infects
-ie.html

best,
xtort
[http://xtort.net]

FWIW, Firefox has been used as "typhoid Mary" since April '04.
Perhaps earlier.

J

xtort · Mar 11, 2005

This is true, but what is interesting about this method is, that
instead of manipulating active x exploits, it uses the non-MS java-re

best,
xtort
[http://xtort.net]

Fuzzy Logic · Mar 11, 2005

This is true, but what is interesting about this method is, that
instead of manipulating active x exploits, it uses the non-MS java-re

best,
xtort
[http://xtort.net]

Next you can expect attacks via 3rd party plugins.

=?ISO-8859-1?Q?=BBQ=AB?= · Mar 11, 2005

This is very interesting stuff. I dont doubt that with FF gaining
in market share, that we will see much more of this sort of
stuff...

"What if there was an infection out there that could bypass
Firefox and still get its grubby little paws on IE, and from
there, the heart of your OS? What if that same infection could get
past not only FF, but a whole raft of other (supposedly more
secure)"

http://www.vitalsecurity.org/2005/03/firefox-spyware-infects-ie.html

"Being a curious soul, I agreed to the install - and quickly wished I
hadn't!"

This after Firefox prompted the user about installing, including the
information that the applet's certificate is invalid /and/ the issuer
is untrusted. I wouldn't call that "bypassing" Firefox or Opera, which
will also prompt the user.

=?ISO-8859-1?Q?=BBQ=AB?= · Mar 11, 2005

Next you can expect attacks via 3rd party plugins.

Heh, isn't Sun's java plugin a third-party plugin?

123 · Mar 11, 2005

xtort said:
http://www.vitalsecurity.org/2005/03/firefox-spyware-infects-ie.html

From the above URL: "This is a shot of IE with the infection domain already
added to the 'Restricted Sites' zone in Internet Options."

This is precisely why I prefer FF to IE: there are "zones" to worry about!

Also: "Being a curious soul, I agreed to the install - and quickly wished
I hadn't!"

Serves the idiot right for installing something from an unknown source!

Wald · Mar 11, 2005

xtort said:
This is very interesting stuff. I dont doubt that with FF gaining in
market share, that we will see much more of this sort of stuff...

"What if there was an infection out there that could bypass Firefox and
still get its grubby little paws on IE, and from there, the heart of
your OS? What if that same infection could get past not only FF, but a
whole raft of other (supposedly more secure)"

http://www.vitalsecurity.org/2005/03/firefox-spyware-infects-ie.html

I agree with other posters that the biggest problem here is the author. He
was prompted before the installation, and neglected to verify the origin of
the software.

It's just the same with freeware: you don't just install everything that's
called "install.exe" without knowing what it is and where it came from...

Regards,
Wald

Mel · Mar 11, 2005

This is very interesting stuff. I dont doubt that with FF gaining in
market share, that we will see much more of this sort of stuff...

"What if there was an infection out there that could bypass Firefox and
still get its grubby little paws on IE, and from there, the heart of
your OS? What if that same infection could get past not only FF, but a
whole raft of other (supposedly more secure)"

http://www.vitalsecurity.org/2005/03/firefox-spyware-infects-ie.html

best,
xtort
[http://xtort.net]

It was the user that allowed the infection not the software. A Security
Warning asked for Permission to download and execute an Applet - the
user clicked yes instead of no and infected his own computer.

James Picardat · Mar 12, 2005

No software, no matter how cleverly writen can protect the user from
himself.

Perhaps this thread should have been named Java Applet Infects IE as
this is actually what transpired; no automatic "behind the scenes"
activity occured from within the Firefox browser session.

Using Firefox as a scapegoat for extremely poor judgement on the part of
the user is IMO in bad taste.

This has the smell of Microsoft behind it.

elaich · Mar 12, 2005

his is true, but what is interesting about this method is, that
instead of manipulating active x exploits, it uses the non-MS java-re

No savvy user has Java installed to begin with.

JanC · Mar 12, 2005

»Q« schreef:

"Being a curious soul, I agreed to the install - and quickly wished I
hadn't!"

This after Firefox prompted the user about installing, including the
information that the applet's certificate is invalid /and/ the issuer
is untrusted. I wouldn't call that "bypassing" Firefox or Opera, which
will also prompt the user.

Yeah, sounds more like 'bypassing the user'. ;-)

There is one problem though: it is possible to disable this security
check, and it seems like some semi-popular 'warez download tool' using
such an untrusted applet has provided a how-to for that. :-(

=?ISO-8859-1?Q?=BBQ=AB?= · Mar 12, 2005

Yeah, sounds more like 'bypassing the user'. ;-)

There is one problem though: it is possible to disable this
security check, and it seems like some semi-popular 'warez
download tool' using such an untrusted applet has provided a
how-to for that. :-(

You mean disable the certificate checking or disable the dialog
entirely? I thought there was no way to disable prompting for installs
with Firefox, and I don't see a way to turn off cert checking in the
GUI.

Old Boozer · Mar 12, 2005

It was the user that allowed the infection not the software. A Security
Warning asked for Permission to download and execute an Applet - the
user clicked yes instead of no and infected his own computer.

Like the old porn dialer Trojans the page could be scripted to install
even if you click no! So in the future these scipt kiddy's may do that.
Proxomitron and the support group at Yahoo for this program try
to keep up with these things. Perhaps people should view webpages
the way they want to instead of the way the page author scripts it.
My intention is to alert the group, not the world.

OB.

=?ISO-8859-1?Q?=BBQ=AB?= · Mar 12, 2005

Like the old porn dialer Trojans the page could be scripted to
install even if you click no! So in the future these scipt kiddy's
may do that.

With Firefox, the installer has no control over the dialog box, so it
can't switch the buttons.

elaich · Mar 12, 2005

With Firefox, the installer has no control over the dialog box, so it
can't switch the buttons.

Add one more good reason to use Firefox and dump IE.

JanC · Mar 12, 2005

»Q« schreef:

You mean disable the certificate checking or disable the dialog
entirely? I thought there was no way to disable prompting for installs
with Firefox, and I don't see a way to turn off cert checking in the
GUI.

The certificate checking IIRC, and it was an about:config setting.

Aaron · Mar 13, 2005

123 said:
From the above URL: "This is a shot of IE with the infection domain
already added to the 'Restricted Sites' zone in Internet Options."

Obviously, if FF is running, the 'Restricted Sites' zone in IE wont be of
any use.

From here, this trival theory is mentioned

"What if there was an infection out there that could bypass Firefox and
still get its grubby little paws on IE, and from there, the heart of
your OS? What if that same infection could get past not only FF, but a
whole raft of other (supposedly more secure)"

If you can "bypass Firefox" you can do lots of things, not merely
infecting IE. Similarly, if I could get bypass IE, I could change
firefox's homepage, but nobody as borthered to do this yet.

Also: "Being a curious soul, I agreed to the install - and quickly
wished I hadn't!"

Serves the idiot right for installing something from an unknown
source!

Heh.

Nobody · Mar 18, 2005

No software, no matter how cleverly writen can protect the user from
himself.

Perhaps this thread should have been named Java Applet Infects IE as
this is actually what transpired; no automatic "behind the scenes"
activity occured from within the Firefox browser session.

Using Firefox as a scapegoat for extremely poor judgement on the part of
the user is IMO in bad taste.

This has the smell of Microsoft behind it.

I doubt very much that Microsoft would do anything of that nature.

Where's the benefit?

Regards, Trevor

Another black eye for Firefox 3.5	7	Jul 20, 2009
Firefox questions	12	Oct 27, 2008
IE still horribly insecure	35	May 14, 2005
Cant run IE or Firefox, but email OK! - WINSOCK errors (Win XP SP2	5	Aug 26, 2007
Should IE Stay or Should IE Go?	39	Mar 22, 2005
A comparison between IE and Firefox	20	Nov 6, 2004
Buggy IE behavior	2	Nov 11, 2006
Trouble with IE home page settings	1	Sep 8, 2006

Firefox Spyware infects IE?

xtort

me

xtort

Fuzzy Logic

=?ISO-8859-1?Q?=BBQ=AB?=

=?ISO-8859-1?Q?=BBQ=AB?=

123

Wald

Mel

James Picardat

elaich

JanC

=?ISO-8859-1?Q?=BBQ=AB?=

Old Boozer

=?ISO-8859-1?Q?=BBQ=AB?=

elaich

JanC

Aaron

Nobody

Ask a Question

Similar Threads