- Jan 24, 2011
- 9,378
Miscreants have developed a strain of malware that makes sure website passwords are recorded by a victim's browser.
Saving website logic credentials is a user controlled option in all browsers, often enabled by default. But the practice is frowned upon by security researchers, who point to the risk that passwords left in browsers might easily be extracted by password-stealing Trojans, such as Zeus.
Anti-virus analysts at Webroot recently discovered a malware trick that means that even if fans of Firefox avoid saving their login credentials, their passwords are still saved by the open source browser. The Trojan modifies a core Firefox file, called nsLoginManagerPrompter.js, which controls whether Firefox prompts a user to save passwords when he or she logs into a secure site.
"Before the infection, a default installation of Firefox 3.6.10 would prompt the user after the user clicks the Log In button on a Web page, asking whether he or she wants to save the password," Webroot researcher Andrew Brandt explains. "After the infection, the browser simply saves all login credentials locally, and doesn’t prompt the user."
More details - link
Saving website logic credentials is a user controlled option in all browsers, often enabled by default. But the practice is frowned upon by security researchers, who point to the risk that passwords left in browsers might easily be extracted by password-stealing Trojans, such as Zeus.
Anti-virus analysts at Webroot recently discovered a malware trick that means that even if fans of Firefox avoid saving their login credentials, their passwords are still saved by the open source browser. The Trojan modifies a core Firefox file, called nsLoginManagerPrompter.js, which controls whether Firefox prompts a user to save passwords when he or she logs into a secure site.
"Before the infection, a default installation of Firefox 3.6.10 would prompt the user after the user clicks the Log In button on a Web page, asking whether he or she wants to save the password," Webroot researcher Andrew Brandt explains. "After the infection, the browser simply saves all login credentials locally, and doesn’t prompt the user."
More details - link
