Firefox 木马问题的提示

以下是mozillazine的公告。主要问题我在这里简译如下：
1。一个恶意软件叫做 Downloader-AXM，他的功能包括了修改firefox的扩展系统，不加提示的安装另外一个木马，叫做Formspy，这个木马可以纪录你上网时输入的信息，泄露你的安全。
2。Downloader-AXM 是这个风险能够工作的基础。他目前有两个渠道入侵内你的机器。a。一份伪装成沃而玛网上购物确认通知的邮件的附件(可执行文件)。b。微软IE浏览器一个3年前的VBS/Psyme 漏洞。
3。预防：更新IE的安全更新，注意你的邮件，不要随意打开可疑附件。
4。如何知道？如果你的扩展列表出现你没有安装过的“Numbered Links 0.9”，那么请立即杀毒。
5。最后，这个风险不是firefox的缺陷所引起，目前评估级别也不高。

Anti-virus firms are reporting that a trojan horse that takes the form of a Mozilla Firefox extension has been spotted in the wild. The trojan, which McAfee has named FormSpy and Sophos has dubbed Troj/FireSpy-A, captures information entered into the browser, including, but not limited to, passwords and banking details, and sends them to a remote computer. The trojan comes with a Windows executable that can also record ICQ, POP3, IMAP and FTP passwords. Within Firefox, the trojan pretends to be the legitimate numberedlinks extension.

The FormSpy trojan does not use any Firefox security flaws to infect computers. Instead, it is downloaded and installed automatically by a piece of Windows malware known as Downloader-AXM, which exists solely for the purpose of surreptitiously downloading and running trojan horses. Once downloaded by Downloader-AXM, FormSpy installs itself in Firefox by directly modifying Firefox user profile files, completely bypassing the standard Firefox extension installation mechanism (and warning messages).

To get infected by FormSpy in this way, a user must already have Downloader-AXM on his or her system. First spotted earlier this week, Downloader-AXM is distributed as a Windows executable attached to a spoof email purporting to be a order confirmation message from Wal-Mart. However, McAfee says that they have also seen attempts to install FormSpy using the three-year-old VBS/Psyme exploit in Microsoft Internet Explorer.

To check for infection, Firefox users are advised to examine their list of installed extensions (accessible from the Tools menu as the Extensions item). The unexpected presence of "Numbered Links 0.9" indicates a possible infection. The McAfee virus profile of FormSpy includes more information about the files installed by the trojan. McAfee believes that the number of infections is currently low.

TechWeb has an article about FormSpy. In the report, Craig Schmugar, virus research manager at McAfee's Avert Labs, expresses concerns about the ease with which the FormSpy trojan is able to disguise itself as the legitimate numberedlinks extension and suggests that Firefox developers should address this.

Thanks to roseman and Juha-Matti Laurio for some of the links used in this article.

已经看到有个帖子介绍过了。

呵呵，IE失火，殃及Firefox

国外的木马 。。。。。。。。。。。。
国内不感冒

我认为这是微软搞的伎俩，警告那些机器里装着win+IE的、却用什么firefox的用户：不要以为用了firefox就可以高枕无忧了。

超级搞笑呀！

web123lai：呵呵，IE失火，殃及Firefox回到原帖

和 IE 没甚么关系，除非你 3 年内都没更新过 windows。如果你 3 个月不更新 FF，你也要面对数十个安全漏洞。
http://www.mozilla.org/projects/securit ... ities.html

这根本就是城门失火，殃及池鱼嘛。

abc@home：

和 IE 没甚么关系，除非你 3 年内都没更新过 windows。如果你 3 个月不更新 FF，你也要面对数十个安全漏洞。
http://www.mozilla.org/projects/securit ... ities.html回到原帖

厄，原来如此，是我看错了，原来跟IE没关系，跟没更新的windows有关系，呵呵。那本人就改正一下我在上上楼发的帖好了。

中国龙：厄，原来如此，是我看错了，原来跟IE没关系，跟没更新的windows有关系，呵呵。那本人就改正一下我在上上楼发的帖好了。回到原帖

更新 windows 就会更新 IE，明白没有。

我说的是跟没更新的windows有关系 ，明白没有。

中国龙：我说的是跟没更新的windows有关系 ，明白没有。回到原帖

在哪里说，心中？在心中说没人会知道，明白吗？

[quote]厄，原来如此，是我看错了，原来跟IE没关系，跟没更新的windows有关系，呵呵。那本人就改正一下我在上上楼发的帖好了。

这下说明白了吧？

我是说如果你用 windows 但 3 年不更新便会十分危险，是十分愚蠢。

相信结合我上面的发言，我想大部分人都应该明白这里白痴指的什么。