Stu Sjouwerman, the founder of anti-spyware vendor Sunbelt Software, said on Tuesday that his company has discovered what it believes is the first spyware to take aim at surfers using Mozilla-based browsers.
Richard Stiennon, the vice president of threat research at Webroot, which also combats spyware, said that this piece of spyware does not target Firefox specifically.
"According to my research team this site does not target Firefox, but it does target Mozilla," said Stiennon. "Only a matter of time now until a Firefox spy is discovered."
Although the spyware is only installed if users agree to a certain download, many users are likely to click through as the download's dialogue box gives no indication of the software's malicious payload, said Sjouwerman.
"It's done in a way that people might not recognise as a normal install, and will work in Firefox," said Sjouwerman. "Ok, it's not a full fledged spyware attack yet, but it definitely shows where it's going."
Graham Cluley, a senior technology consultant at Sophos, said this particular spyware will only work on Mozilla browsers running on Microsoft Windows and does not affect browsers running on Linux.
Experts believe that Mozilla-based browsers such as Firefox have become a greater target for spyware as their market share has rapidly increased over the last six months -- from 2.4 percent in May to 7.4 percent in November, according to Web traffic measurement company OneStat.com. Firefox has said that it is aiming for 10 percent of Web surfers by the end of 2005.
Sjouwerman said that 'stealth spyware' targeted at Firefox is "bound to happen" as hackers are currently working hard trying to find security holes in the open source browser.
"There's a small army of rogue programmers that are tearing Firefox apart," said Sjouwerman.
But Cluley said he is not sure what type of spyware will target Firefox.
"It's hard to predict precisely what form spyware for Firefox may take, as it will depend in part on what security flaws may be found in the Firefox code in the future and how quickly the community responds to patch those vulnerabilities," said Cluley.
David McGuinness, a Mozilla contributor, said Firefox provides protection against installing software from all sites apart from update.mozilla.org by displaying a yellow information bar if a site tries to automatically install code on the user's PC. But he warned that it will be more difficult to protect users against a stealth install.
"It all boils down to user education. People can install applications with variable amounts of effort from all browsers, it's the stealth attacks that are the problem where people get infected without running anything themselves," said McGuinness. "Fortunately Firefox has a better record on this than Microsoft has."
Talkback
"Spyware takes aim at Mozilla browsers"
"the spyware is only installed if users agree to a certain download"
While I realize the MS toadies are rubbing their hands with glee at the thought of a Mozilla/Firefox spyware threat, this is hardly in the same class as the vulnerabilities suffered by MSIE.
This article gives no evidence that this spyware exploits a flaw in Mozilla and/or Firefox. Rather, it seems to rely on the inattention of the user.
The title/headline of this article is misleading.
A little less hyperbole, and a little more fact, would be appreciated.
Are we talking about Firefox on Windows or linux or both.
For a different view see:
http://internet.newsforge.com/article.pl?sid=05/01/31/2121249&tid=144&tid=78
There (under: Working on it now) you'll find what Sunbelt also had to say about 'spyware on FireFox' on February 7, 2005.
Furthermore, for some additional comments see:
http://www.dslreports.com/forum/remark,12605742~mode=flat
Thanks for your comments. I have updated the article to make it clear that the spyware will only work on Windows.
This a red herring. Firefox extensions only work from a white list, ie the disseminating web server has to be on a list which the user has affirmed themselves as being able to install software. In other words, random sites cannot install software.
Therefore for this "exploit" to work the user would have to stupid enough to manually allow the software to be installed. This is the complete opposite of MS Internet Exploiter which automatically installs software straight onto the operating system, not just the browser itself.