magmatic.com - Squawk Box - Firefox 0day Delivers Windows Malware

MAAS History

Firefox 0day Delivers Windows Malware

Tuesday, October 26, 2010 at 09:50PM

A critical vulnerability exist in Firefox which affects all platforms and currently delivering Windows specific malware. One major concern is that this exploit targets an un-patch vulnerability. It would appear that the Bugzilla page which is password protected may have been part of the recon process in exploit discovery.

Open source code that is available for any coder to view represents a double edge sword, on the one hand the community works to improve the software. On the other side of that coin users with malicious intent have an excellent resource readily available including code and bugs reports. Currently open source and community based projects remain sound but code review is recommended for critical production systems.

If you are interested in exploit development source code can prove a useful tool. Many exploit and 0day authors will download open source code to truly understand how particular units may perform validation and verification of data. Skilled malicious actors do the same, normally however there are far more efficient methods for finding exploits. Code review is labor intense but the criminal life cycle is producing far more advanced skill sets.

Macintosh administrator and users should be aware of this exploit and remain vigilant. Using NoScript in conjunction with an anti-virus product may be the best defense. Currently this exploit can deliver Mac based malware include fake installers and root kits.

Update on Tuesday, October 26, 2010 at 10:58PM by

drStrangeP0rk

Current reports indicate that the Iranian Cyber Army is collectively accumulating bots. There is no indication that the two events are linked but malware delivery via political sites such as the Noble Peace Prize is at the very least interesting.

Update on Thursday, October 28, 2010 at 08:54AM by

drStrangeP0rk

Modzilla has released an update to Firefox to patch the vulnerability that was being exploited by a 0day in the wild. Users should select check for updates or download the update directly from this location. (The update server was very busy after the release.)

http://www.mozilla.com/en-US/firefox/3.6.12/releasenotes/

drStrangeP0rk |

References (1)

References allow you to track sources for this article, as well as articles that were written in response to this article.

Source: http://www.theregister.co.uk/2010/10/26/firefox_0day_report/

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

magmatic.com by magmatic consulting is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
Based on a work at http://magmatic.com.
Permissions beyond the scope of this license may be available at http://magmatic.com.