Spyware (detected as TSPY_EBOD.A) purporting to be an Adobe Flash Player update

RESOLVED DUPLICATE of bug 513570

Status

addons.mozilla.org Graveyard
Policy
8 years ago
2 years ago

People

(Reporter: u88484, Unassigned)

(Reporter)

Description

8 years ago
Filed this for investigation based on a report from Trend Micro:

Trend Micro threat analysts were alerted to the discovery of a spyware (detected as TSPY_EBOD.A) purporting to be an Adobe Flash Player update. Upon execution, the spyware creates a Firefox add-on called “Adobe Flash Player 0.2,” the installer of which uses JavaScript (detected as JS_EBOD.A) and appears to spread via forum posts.

The said add-on injects ads into the user’s Google search results pages. More disturbing, however, is its capability to monitor the user’s browsing activities, particularly his/her Google search queries using the Firefox browser. It then sends the information it gathers to http://{BLOCKED}jupdate.com.

We have seen a lot of malware target Internet Explorer in the past. This is probably one of the reasons why a huge number of users are opting to use alternative browsers such as Firefox, Chrome, Safari, and Opera instead. Though this used to be considered a safe computing practice before, it seems it no longer is with the proliferation of malware targeting the most popular alternative Internet browser—Firefox.

Users should be wary, as always, of downloading updates from unknown sources. They should also note that no browser is safe from malicious attacks as cybercriminals will do just about anything to infect users with their malicious code.

The Trend Micro Smart Protection Network already detects and consequently blocks the malicious code from running and the malicious add-on from being downloaded, so Trend Micro product users need not worry.

Read more: http://blog.trendmicro.com/firefox-addo-spies-on-google-search-results/#ixzz0Pn3QlUOv
(Reporter)

Comment 1

8 years ago
Technical details: http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS%5FEBOD%2EA&VSect=P

Says it runs on, "Windows 98, ME, NT, 2000, XP and Server 2003."

I can't find anywhere that listed the extension ID, though.

Updated

8 years ago
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 513570
(Assignee)

Updated

2 years ago
Product: addons.mozilla.org → addons.mozilla.org Graveyard