ghacks Technology News

0-Day Firefox 3.6 Vulnerability Emerges

The official Nobel Prize website was hacked yesterday, and for some time ran an exploit targeting a new 0-day vulnerability in the Firefox browser. According to our information, the exploit was used to install a backdoor on the user’s computer system without notifications or warning messages.

The backdoor tries to retrieve the path of the Windows directory to copy the file symantec.exe to %WINDIR%\temp\symantec.exe. Once the file is created there, autostart keys are added to the Windows Registry to load the file on system startup. The keys are added both to the user and local machine parts of the Registry, and the reg command is used to add them.

The program then tries to create two connections to Internet servers, namely to nobel..mooo.com and update.microsoft.com. After these initial connections it tries to connect to two additional servers, both of which appear to be offline currently. If they are offline, the malware stops executing and exits.

On a successful connection, the malware opens a shell and the attacker can access the local computer with the same rights the malware was executed with.
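The persistence step described above (the reg command adding autostart entries in both the user and local machine hives, pointing at an executable under %WINDIR%\temp) can be flagged in process-creation logs. The following is an added detection example, not code from the article or from Mozilla; the sample command lines, the value names and the function names are constructed for illustration, since the article does not give the exact registry values.

```python
import re

# Run / RunOnce autostart keys; the article says both HKCU and HKLM were written.
HIVE = re.compile(r'\b(hkcu|hklm|hkey_current_user|hkey_local_machine)\\', re.I)
RUN_KEY = re.compile(
    r'\\software\\microsoft\\windows\\currentversion\\run(once)?\b', re.I)
# Value data that points at an executable inside the Windows temp directory.
TEMP_EXE = re.compile(
    r'(%windir%|%systemroot%|[a-z]:\\windows)\\temp\\[^\s"]+\.exe', re.I)

# Constructed process-creation command lines (assumed log content, not from the article).
SAMPLE = [
    r'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v PLACEHOLDER /d %WINDIR%\temp\symantec.exe /f',
    r'C:\Windows\System32\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v PLACEHOLDER /d "C:\Windows\Temp\symantec.exe" /f',
    r'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /d "C:\Program Files\Vendor\updater.exe"',
    r'reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    r'notepad.exe C:\Windows\Temp\notes.txt',
]

def classify(cmdline):
    """Return None, 'run-key-add' or 'run-key-add-temp-exe' for one command line."""
    parts = cmdline.split()
    if len(parts) < 2:
        return None
    # Accept both "reg" and a full path to reg.exe as the invoked tool.
    tool = parts[0].strip('"').lower().rsplit('\\', 1)[-1]
    if tool not in ('reg', 'reg.exe') or parts[1].lower() != 'add':
        return None
    if not (HIVE.search(cmdline) and RUN_KEY.search(cmdline)):
        return None
    # An autostart entry that launches a binary from a temp directory is the
    # high-priority case; any other Run-key write is still worth reviewing.
    return 'run-key-add-temp-exe' if TEMP_EXE.search(cmdline) else 'run-key-add'

def scan(lines):
    """Return (index, verdict) for every line that writes an autostart key."""
    hits = []
    for i, line in enumerate(lines):
        verdict = classify(line)
        if verdict:
            hits.append((i, verdict))
    return hits

if __name__ == '__main__':
    for index, verdict in scan(SAMPLE):
        print(f'{verdict}: {SAMPLE[index]}')
```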

Mozilla appears to be aware of the vulnerability and is developing a patch to protect the browser against it.

Update: The official Mozilla response is up; it suggests disabling JavaScript to protect the browser from the vulnerability.


About the Author: Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand.

Author: Martin Brinkmann, Wednesday October 27, 2010


Responses so far:

  1. Transcontinental says:

    Thanks for following developments of this new intruder and letting us know what the malware scheme is like. Internet a 24/7/365 combat, but worth it.

  2. Jojo says:

    Mike Lin’s old (free) Startup Monitor would seem to be of help here. It monitors attempts to add entries to the run/start keys and allows you to say yes or no.

    IMO, this is an essential program to run:
    http://www.mlin.net/StartupMonitor.shtml

  3. B. Moore says:

    If you want to know more about it, listen to Security Now with Steve Gibson & Leo Laporte.

    http://Twit.tv/sn Episode 272: Firesheep

    They are recording the show live as I type this, it should be available to download later tonight.

  4. Anonymous says:

    Versions 3.5.15/3.6.12 are out.

  5. Transcontinental says:

    The Firefox team made it fast ‘n’ clear! – Nice job.
