Firefox add-on spies on Google usage, search results

Firefox add-on spies on Google usage, search results

Summary: Security researchers have intercepted a fake Flash Player update creating a Firefox add-on that spies on a target user's Google search results.

TOPICS: Browser, Google, Malware

Security researchers have intercepted a fake Flash Player update creating a Firefox add-on that spies on a target user's Google search results.

The malicious Firefox extension, called "Adobe Flash Player 0.2," injects ads into the user's Google search results pages and even has the capability to monitor the user's browsing activities, particularly Google search queries using the Firefox browser.

It then sends the information it gathers to a hacker-controlled server.

Trend Micro has a detailed description of this piece of malware and some insight into why this could become a bigger problem for people migrating towards Firefox in search of better browser security:

We have seen a lot of malware target Internet Explorer in the past. This is probably one of the reasons why a huge number of users are opting to use alternative browsers such as Firefox, Chrome, Safari, and Opera instead. Though this used to be considered a safe computing practice before, it seems it no longer is with the proliferation of malware targeting the most popular alternative Internet browser -- Firefox.

Users should be wary, as always, of downloading updates from unknown sources. They should also note that no browser is safe from malicious attacks as cybercriminals will do just about anything to infect users with their malicious code.

Topics: Browser, Google, Malware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • The malicious Firefox extension

    Yeh, let's try to panic everyone that uses Firefox for the benefit of M$. IE has so many virus and malware sources Firefox will always be better.

    Try Linux and stop having problems with Windows malware.
    • And we know this is a Windows-only extension?

      Most extensions are platform-independent.
      Michael Kelly
      • HUGE difference...

        [i]Most extensions are platform-independent.[/i]

        Yeah, but most of Gertruded's posts aren't. ]:)
    • Right. It doesn't matter that you shot a guy

      as long as you can point to someone who [b]blew up[/b] someone else!

      If this is today's logic, we're doomed.
      John Zern
    • Yes! The "L" word!

      One thing is consistent with ZDNet blogs- Linux fanatics will usually endeavor to get in their two cents in as soon as possible, regardless of blog subject matter. Can't find a driver? Linux does it better! Confused about how to do something in Windows (yes, I said it- W-I-N-D-O-W-S)? Fool! You can do it better in Linux. I swapped out my HDD and lost a screw. Fool! If you were using Linux you wouldn't have had to change your HDD, since Windows probably killed it!
      I DEFY the L-heads to stifle the proselytizing when they have NOTHING relevant to contribute to a Talkback.
  • At least

    Firefox blocks the installation of add-ons from unknown sources, so at least there is a line of defense that forces the user to add the malicious web site to the list of safe sites. That gives the user a chance to inspect the URL and wonder why it's not a Mozilla or Adobe site.
    Michael Kelly
    • The weak link is always idiots who click on everything

      It's better to just disable add-ons for people who don't know any better than to click through whatever pops up. AND let me just say: Never give those people root/admin level access to a PC of any type. Set them up as a user, ONLY.
      • True, but

        At least the non-weak users have a fighting chance against this one. And yes, there's not a whole lot you can do about people who click on everything (despite all the warnings in the world) except to eliminate their installation rights entirely.
        Michael Kelly
  • I'm confused...

    So, this add-on just magically installs itself to the computer with no protests from firefox? How about security warnings? Right, I thought so.

    All I get from this is that:
    1) People are ignorant.
    2) People are stupid.
    3) People don't read.

    You can go to Best Buy, or any store, and purchase "legit" Windows software which does things at least as bad as this. Its no different at all EXCEPT in this case you get several warnings in a row from Firefox stating, in effect, that installing this is a dumb idea. As long as people can install software at all then they can install bad software. Just assuming everything on the Internet is safe is just stupid. No ONE can solve that problem. And its not a problem anyone should be solving. Inform the user that this may be a bad idea and if they do it anyway they are an idiot. Can we worry about real problems instead? There are some real doozies out there right now. This one is just silly.
    • Excatly the same as Internet explorer

      You even get a UAC pop up on Vista atleast once!
    • Don't get too confused. Its simple.

      Its the same old story. Anyone who wants to think they are smarter then the rest of the world and chooses none MS software based on the fact that they believe its next to invulnerable compared to MS software has also traditionally discounted the fact that MS software receives the vast majority of attacks because MS has the vast majority of software in use. Usually the concept is discounted to ZERO.

      Over the last year or so the evidence has been relentlessly mounting that the alternatives that have come into more popular usage are now suffering more attacks. And its the same kind of pattern that started with MS. They start simply at first, using relatively simple social/human fallibilities to let them do the dirty work. Rest assured there are a whole pile of users who have been mislead into thinking things like OSX and Firefox are invulnerable and have fell into the "click click click" pattern most MS users have been warned against for years, and now they too are starting to fall into the trap.

      We all know what comes next if the MS alternatives gain enough popularity; someone will dissect the code in a significant enough manner and create the same kinds of problems with typical viruses and worms that Windows and IE have had to fight against.

      Go ahead and don't believe it. Looks good on you if the day ever comes.

  • RE: Firefox add-on spies on Google usage, search results

    It's about time Firefox provided a more efficient means
    of validating add-on reliability for add-ons it suggests
    and hosts.
  • Mis-stated headline

    Victims of this weren't trying to install a Firefox add-on - they thought they were installing a Flash update. The headline gives the wrong impression about what happened here - "Fake Flash update installs spyware Firefox add-on" would be more like it.

    Users should know that installing Firefox extensions from sources other than Mozilla Add-ons is very risky, but they should also realize that getting updates to any program from random sources is a bad idea. Flash updates should come from Adobe, not from some forum post.

    And if you get a request to allow a Firefox add-on to install when you try to install something that's not a Firefox add-on, alarms should go off in your head.
    • re:add ons

      want to thank yall for not turning this into another-- one OS against another OS. i read these comment all the time to , perhaps , learn something.

      am not a computer geek, but i do have friends call me to help clean infections out of their machines.

      and most of which was caused by clicking on what they should not have.

      i run linux due to being on disability . can not afford to buy windows. and i have had to reinstall a couple of times from infections.

      with the exception of one, have no clue how my system got infected.
  • RE: Firefox add-on spies on Google usage, search results

    Well done! Thank you very much for professional templates and community edition
    <a href="">seslisohbet</a> <a href="">seslichat</a>