Closed Bug 513739 Opened 16 years ago Closed 16 years ago

Spyware (detected as TSPY_EBOD.A) purporting to be an Adobe Flash Player update

Categories

(addons.mozilla.org Graveyard :: Policy, defect)

x86
Windows Vista
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 513570

People

(Reporter: u88484, Unassigned)

Details

Filed this for investigation based on a report from Trend Micro:

Trend Micro threat analysts were alerted to the discovery of a spyware (detected as TSPY_EBOD.A) purporting to be an Adobe Flash Player update. Upon execution, the spyware creates a Firefox add-on called “Adobe Flash Player 0.2,” the installer of which uses JavaScript (detected as JS_EBOD.A) and appears to spread via forum posts. The said add-on injects ads into the user’s Google search results pages. More disturbing, however, is its capability to monitor the user’s browsing activities, particularly his/her Google search queries using the Firefox browser. It then sends the information it gathers to http://{BLOCKED}jupdate.com.

We have seen a lot of malware target Internet Explorer in the past. This is probably one of the reasons why a huge number of users are opting to use alternative browsers such as Firefox, Chrome, Safari, and Opera instead. Though this used to be considered a safe computing practice before, it seems it no longer is with the proliferation of malware targeting the most popular alternative Internet browser—Firefox.

Users should be wary, as always, of downloading updates from unknown sources. They should also note that no browser is safe from malicious attacks as cybercriminals will do just about anything to infect users with their malicious code. The Trend Micro Smart Protection Network already detects and consequently blocks the malicious code from running and the malicious add-on from being downloaded so Trend Micro product users need not worry.

Read more: http://blog.trendmicro.com/firefox-addo-spies-on-google-search-results/#ixzz0Pn3QlUOv

Technical details: http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS%5FEBOD%2EA&VSect=P
Says it runs on "Windows 98, ME, NT, 2000, XP and Server 2003."
I can't find anywhere that listed the extension ID, though.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Product: addons.mozilla.org → addons.mozilla.org Graveyard