Webroot: Iranian distributes free Firefox password logger

Summary:A freely available Trojan has been circulated that steals passwords stored within Firefox, Internet Explorer and the Windows Registry, security company Webroot reported last Wednesday.The Trojan, which Webroot named Trojan-PWS-Nslog, modified a core Firefox file — nsLoginManagerPrompter.

A freely available Trojan has been circulated that steals passwords stored within Firefox, Internet Explorer and the Windows Registry, security company Webroot reported last Wednesday.

The Trojan, which Webroot named Trojan-PWS-Nslog, modified a core Firefox file — nsLoginManagerPrompter.js — to make the web browser automatically save users' login credentials without asking their consent. It also took information from Internet Explorer's password storage area, along with the Windows Registry. The web server that the Trojan sent its data to is no longer active, according to Webroot.

Upon analysing the Trojan's source code, Webroot found that it contained the creator's name and email address. With this, they were able to track the creator to a message board, where it became apparent that he had distributed the Trojan as a free download. Webroot eventually found his Facebook profile, and discovered that he was based in Kiraj, Iran.

Though Webroot and other antivirus companies can detect and remove the Trojan, they cannot fix the modified file, Webroot said. However, downloading a new Firefox installer will, during the installation process, naturally overwrite the modified file.

Neither Microsoft nor the Mozilla Foundation had issued Trojan-specific patches at the time of writing.

Topics: Storage

About

Jack Clark has spent the past three years writing about the technical and economic principles that are driving the shift to cloud computing. He's visited data centers on two continents, quizzed senior engineers from Google, Intel and Facebook on the technologies they work on and read more technical papers than you care to name on topics f... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.