ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Firefox add-on spies on Google usage, search results

By | September 1, 2009, 10:54am PDT

Summary: Security researchers have intercepted a fake Flash Player update creating a Firefox add-on that spies on a target user’s Google search results.

Security researchers have intercepted a fake Flash Player update creating a Firefox add-on that spies on a target user’s Google search results.

The malicious Firefox extension, called “Adobe Flash Player 0.2,” injects ads into the user’s Google search results pages and even has the capability to monitor the user’s browsing activities, particularly Google search queries using the Firefox browser.

It then sends the information it gathers to a hacker-controlled server.

Trend Micro has a detailed description of this piece of malware and some insight into why this could become a bigger problem for people migrating towards Firefox in search of better browser security:

We have seen a lot of malware target Internet Explorer in the past. This is probably one of the reasons why a huge number of users are opting to use alternative browsers such as Firefox, Chrome, Safari, and Opera instead. Though this used to be considered a safe computing practice before, it seems it no longer is with the proliferation of malware targeting the most popular alternative Internet browser — Firefox.

Users should be wary, as always, of downloading updates from unknown sources. They should also note that no browser is safe from malicious attacks as cybercriminals will do just about anything to infect users with their malicious code.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Google Inc., Mozilla Firefox, Malware, Google Search, Web Browser, Search Result, Web Browsers, Internet, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
15
Comments
Add Your Opinion

Join the conversation!

Just In

RE: Firefox add-on spies on Google usage, search results
birumut Updated - 29th Apr 2011
Well done! Thank you very much for professional templates and community edition
seslisohbet seslichat
View in thread
0 Votes
+ -
The malicious Firefox extension
gertruded 1st Sep 2009
Yeh, let's try to panic everyone that uses Firefox for the benefit of M$. IE has so many virus and malware sources Firefox will always be better.

Try Linux and stop having problems with Windows malware.
0 Votes
+ -
And we know this is a Windows-only extension?
Michael Kelly 1st Sep 2009
Most extensions are platform-independent.
0 Votes
+ -
HUGE difference...
mgp3 1st Sep 2009
Most extensions are platform-independent.

Yeah, but most of Gertruded's posts aren't. devil
0 Votes
+ -
Right. It doesn't matter that you shot a guy
John Zern Updated - 1st Sep 2009
as long as you can point to someone who blew up someone else!

If this is today's logic, we're doomed.
0 Votes
+ -
Yes! The "L" word!
kknpz 7th Sep 2009
One thing is consistent with ZDNet blogs- Linux fanatics will usually endeavor to get in their two cents in as soon as possible, regardless of blog subject matter. Can't find a driver? Linux does it better! Confused about how to do something in Windows (yes, I said it- W-I-N-D-O-W-S)? Fool! You can do it better in Linux. I swapped out my HDD and lost a screw. Fool! If you were using Linux you wouldn't have had to change your HDD, since Windows probably killed it!
I DEFY the L-heads to stifle the proselytizing when they have NOTHING relevant to contribute to a Talkback.
0 Votes
+ -
At least
Michael Kelly 1st Sep 2009
Firefox blocks the installation of add-ons from unknown sources, so at least there is a line of defense that forces the user to add the malicious web site to the list of safe sites. That gives the user a chance to inspect the URL and wonder why it's not a Mozilla or Adobe site.
0 Votes
+ -
The weak link is always idiots who click on everything
BillDem 1st Sep 2009
It's better to just disable add-ons for people who don't know any better than to click through whatever pops up. AND let me just say: Never give those people root/admin level access to a PC of any type. Set them up as a user, ONLY.
0 Votes
+ -
True, but
Michael Kelly 1st Sep 2009
At least the non-weak users have a fighting chance against this one. And yes, there's not a whole lot you can do about people who click on everything (despite all the warnings in the world) except to eliminate their installation rights entirely.
0 Votes
+ -
I'm confused...
cabdriverjim 1st Sep 2009
So, this add-on just magically installs itself to the computer with no protests from firefox? How about security warnings? Right, I thought so.

All I get from this is that:
1) People are ignorant.
2) People are stupid.
3) People don't read.

You can go to Best Buy, or any store, and purchase "legit" Windows software which does things at least as bad as this. Its no different at all EXCEPT in this case you get several warnings in a row from Firefox stating, in effect, that installing this is a dumb idea. As long as people can install software at all then they can install bad software. Just assuming everything on the Internet is safe is just stupid. No ONE can solve that problem. And its not a problem anyone should be solving. Inform the user that this may be a bad idea and if they do it anyway they are an idiot. Can we worry about real problems instead? There are some real doozies out there right now. This one is just silly.
0 Votes
+ -
Excatly the same as Internet explorer
jdbukis@... 2nd Sep 2009
You even get a UAC pop up on Vista atleast once!
0 Votes
+ -
Don't get too confused. Its simple.
Cayble 3rd Sep 2009
Its the same old story. Anyone who wants to think they are smarter then the rest of the world and chooses none MS software based on the fact that they believe its next to invulnerable compared to MS software has also traditionally discounted the fact that MS software receives the vast majority of attacks because MS has the vast majority of software in use. Usually the concept is discounted to ZERO.

Over the last year or so the evidence has been relentlessly mounting that the alternatives that have come into more popular usage are now suffering more attacks. And its the same kind of pattern that started with MS. They start simply at first, using relatively simple social/human fallibilities to let them do the dirty work. Rest assured there are a whole pile of users who have been mislead into thinking things like OSX and Firefox are invulnerable and have fell into the "click click click" pattern most MS users have been warned against for years, and now they too are starting to fall into the trap.

We all know what comes next if the MS alternatives gain enough popularity; someone will dissect the code in a significant enough manner and create the same kinds of problems with typical viruses and worms that Windows and IE have had to fight against.

Go ahead and don't believe it. Looks good on you if the day ever comes.

0 Votes
+ -
RE: Firefox add-on spies on Google usage, search results
bedekk@... 2nd Sep 2009
It's about time Firefox provided a more efficient means
of validating add-on reliability for add-ons it suggests
and hosts.
0 Votes
+ -
Mis-stated headline
Greenknight_z 3rd Sep 2009
Victims of this weren't trying to install a Firefox add-on - they thought they were installing a Flash update. The headline gives the wrong impression about what happened here - "Fake Flash update installs spyware Firefox add-on" would be more like it.

Users should know that installing Firefox extensions from sources other than Mozilla Add-ons is very risky, but they should also realize that getting updates to any program from random sources is a bad idea. Flash updates should come from Adobe, not from some forum post.

And if you get a request to allow a Firefox add-on to install when you try to install something that's not a Firefox add-on, alarms should go off in your head.
0 Votes
+ -
re:add ons
matchstich 4th Sep 2009
want to thank yall for not turning this into another-- one OS against another OS. i read these comment all the time to , perhaps , learn something.

am not a computer geek, but i do have friends call me to help clean infections out of their machines.

and most of which was caused by clicking on what they should not have.

i run linux due to being on disability . can not afford to buy windows. and i have had to reinstall a couple of times from infections.

with the exception of one, have no clue how my system got infected.
0 Votes
+ -
RE: Firefox add-on spies on Google usage, search results
birumut Updated - 29th Apr 2011
Well done! Thank you very much for professional templates and community edition
seslisohbet seslichat

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix