On GameFAQs: The top 10 most tiring games
BNET Business Network:
BNET
TechRepublic
ZDNet
89 TalkBacks

By Ingrid Marson
Posted on ZDNet News: Feb 9, 2005 8:04:00 PM

Security experts are advising that spyware that targets browsers from the Mozilla Foundation has been spotted--a threat that could worsen as its Firefox browser takes market share from Microsoft.

Stu Sjouwerman, the founder of Sunbelt Software, said on Tuesday that the anti-spyware company has discovered what it believes is the first spyware to take aim at surfers using Mozilla browsers.

Richard Stiennon, vice president of threat research at Webroot Software, which also develops anti-spyware tools, said that the malicious software does not target Firefox specifically.

"According to my research team, this site does not target Firefox, but it does target Mozilla," Stiennon said. "(It's) only a matter of time now until a Firefox spy is discovered."

Although the spyware is only installed if users agree to download a certain file, many users are likely to click through, as the download's dialogue box gives no indication of the file's malicious payload, Sjouwerman said.

"It's done in a way that people might not recognize as a normal install, and will work in Firefox," Sjouwerman said. "It's not a full-fledged spyware attack yet, but it definitely shows where it's going."

Experts believe that Mozilla-based browsers such as Firefox have become a greater target for spyware as their market share has rapidly increased over the last six months--from 2.4 percent in May to 7.4 percent in November, according to Web traffic measurement company OneStat.com. Firefox has said that it is aiming for 10 percent of Web surfers by the end of 2005.

Writers of viruses and spyware for browsers have typically concentrated on Internet Explorer, because of its near-total market dominance. But that could be changing now that Firefox is making gains at the expense of Microsoft's browser.

Sjouwerman said that "stealth spyware" targeted at Firefox is "bound to happen" as hackers are currently working hard trying to find security holes in the open-source browser. "There's a small army of rogue programmers that are tearing Firefox apart," he said.

But Graham Cluley, a senior technology consultant at security company Sophos, said he is not sure what type of spyware will target Firefox.

"It's hard to predict precisely what form spyware for Firefox may take, as it will depend in part on what security flaws may be found in the Firefox code in the future, and how quickly the community responds to patch those vulnerabilities," Cluley said.

David McGuinness, a Mozilla contributor, said Firefox protects PC users by displaying a yellow information bar if a site that is not Update.mozilla.org tries to automatically install code. But he warned that it will be more difficult to protect systems against a stealth install.

"It all boils down to user education. People can install applications with variable amounts of effort from all browsers. It's the stealth attacks that are the problem, where people get infected without running anything themselves," McGuinness said.

Ingrid Marson of ZDNet UK reported from London.

  • Talkback
  • Most Recent of 89 Talkback(s)
Yes, but
Just because spybot may call it spyware does not mean that it is spyware. People tend to be more concerned about adware than spyware, even if tools do not distinguish. With true spyware, people are m... (Read the rest)
Posted by: wresnick Posted on: 02/11/05 You are currently: Logged In as: a Guest  | Login | Terms of Use
Ah HA!  bobiroc | 02/09/05
true but....  Nullifidian | 02/09/05
This is no surprise  doctormoriarty | 02/09/05
The problem is IE  htotten | 02/09/05
Read the story, not the headline  BitTwiddler | 02/09/05
good news  bugmenotznet | 02/10/05
At least it's not insecure by design....  Jomo_z | 02/10/05
Not quite  wresnick | 02/11/05
brittany_spears.xpi  osreinstall | 02/09/05
It was only a matter of time  htotten | 02/09/05
And those of us who support Firefox will say...  nucrash | 02/09/05
And if Opera  htotten | 02/09/05
Re: And those of us who support firefox  alterego_z | 02/09/05
On top of it?  PA-ITGuy | 02/09/05
Or an exploit  alterego_z | 02/09/05
Ahhh...  PA-ITGuy | 02/09/05
You're right of course  Michael Kelly | 02/09/05
Have some patch links.  Letophoro | 02/10/05
My questions is...  PA-ITGuy | 02/10/05
Stability  Letophoro | 02/10/05
Yeah, but it's not a flaw in the traditional sense...  jvahabzadeh | 02/10/05
Wrong flaw...  PA-ITGuy | 02/10/05
Oh!  jvahabzadeh | 02/10/05
And..  d_jedi | 02/09/05
Well..  Jeff Spicoli | 02/09/05
Will Wonders Ever Cease!!! Good Post Jeff...  tbbrickster_z | 02/10/05
Thank you Brickster  Jeff Spicoli | 02/10/05
When the first IE flaw was found...  Mack DaNife | 02/10/05
My point was..  d_jedi | 02/10/05
and so it goes  tony_da_tyger | 02/09/05
Your last sentence tells it all...  BitTwiddler | 02/09/05
The headlines here are AWFUL!  BitTwiddler | 02/09/05
Is the spyware multi-platform?  worknman | 02/09/05
OS at fault  hipparchus2000 | 02/09/05
Troll  d_jedi | 02/09/05
The question is...  tic swayback | 02/09/05
I believe..  d_jedi | 02/09/05
Microsoft was SO close!  NonZealot | 02/09/05
Even though...  Mack DaNife | 02/10/05
Right click then Left click is cumbersome?  NonZealot | 02/10/05
What makes it cumbersome...  Michael Kelly | 02/10/05
Defaults kill XP  NonZealot | 02/09/05
Which version of windows are you smoking?  jimbo_z | 02/09/05
With Windows XP use Start>Run Spyware As happy NT  Zoraster | 02/09/05
yes but this is not the default when you install Windows XP home  hipparchus2000 | 02/09/05
Less of a pain in the...  PA-ITGuy | 02/09/05
Maybe home is different than Pro  NonZealot | 02/09/05
He must be smoking XP home edition  Hugh Jass | 02/09/05
One tiny correction  NonZealot | 02/09/05
You're right - I made the assumption that  Hugh Jass | 02/09/05
Oh yeah, I forgot!!  NonZealot | 02/09/05
moms and dads will not do this  hipparchus2000 | 02/10/05
RE: Troll  richdave | 02/10/05
To be fair  NonZealot | 02/09/05
Infected Infectious or Infectable  Zoraster | 02/09/05
Many M$ Pgms Require Admin Logon  tbbrickster_z | 02/10/05
This MDollarSign's fault how?  NonZealot | 02/10/05
Is this spyware multip-platform?  worknman | 02/09/05
Most likely it will only run on Windows  Hugh Jass | 02/09/05
I thought this was an XPI file/Mozilla extension ...  worknman | 02/10/05
Not all of them do  Michael Kelly | 02/10/05
The proof of the pudding is in the offing  whisperycat | 02/09/05
I've gotten spyware with Firefox  voska | 02/09/05
cookies != spyware  boxmonkey | 02/09/05
True enough  voska | 02/10/05
Yes, but  wresnick | 02/11/05
I haven't gotten anything yet  Michael Kelly | 02/09/05
Roll with the punches  raymanjr | 02/09/05
That's the problem though...  Michael Kelly | 02/09/05
It will be months before most get Firefox patches  NonZealot | 02/09/05
Still I have hope...  Michael Kelly | 02/09/05
what patch is possible?  hipparchus2000 | 02/10/05
HUH!!! Whatabout the Nightly Builds???  tbbrickster_z | 02/10/05
Great! You found a nightly build page!  Michael Kelly | 02/10/05
Nightly builds  PA-ITGuy | 02/10/05
Ya know what...  ReFoRMaT | 02/09/05
Still all comes down to $.  bfsunny | 02/09/05
Firefox needs to be more careful  Roger Ramjet | 02/10/05
but firefox doesn't do this on platforms other than windows  hipparchus2000 | 02/10/05
No where in this article...  ShadeTree | 02/10/05
Nice FUD  ITGuy04 | 02/10/05
What *Else* Didja Expect From ZDNet?  tbbrickster_z | 02/10/05
The average user using Firefox is not an idiot  cppsolutions | 02/10/05
Spoken like a true...  ShadeTree | 02/10/05
For now I think he is mostly right  NonZealot | 02/10/05
To add to what I said though...  NonZealot | 02/10/05
A..rather profound insight  Jeff Spicoli | 02/10/05
Should the headline have been...  Omch'Ar | 02/10/05
Why under the table?  rapson | 02/10/05

What do you think?

advertisement
advertisement

Dedicated Hosting

advertisement
Click Here