Banking Trojan Poses As Firefox Plugin
Check your Firefox Plugins folder and see if you don't happen to have an unwanted Trojan guest. Chrome users should follow the example, as the malware was reported to affect them as well.
December 4, 2008
The malware poses as a Firefox plugin and was designed to harvest baking login information every time the user enters certain sites included in the Trojan's list. Collected data is later sent to a server somewhere in Russia.
According to Bitdefender, a quick check in the Firefox Plugins folder will be enough to reveal the infection. Users who do find one of the following files should definitely do their banking on another computer until they clean up the infected one:
- "%ProgramFiles%\Mozilla Firefox\plugins\npbasic.dll"
- "%ProgramFiles%\Mozilla Firefox\chrome\chrome\content\browser.js"
The new attack is quite new, with reports claiming that infections are at a “very low” level.