Webroot: Iranian distributes free Firefox password logger

A freely available Trojan has been circulated that steals passwords stored within Firefox, Internet Explorer and the Windows Registry, security company Webroot reported last Wednesday.

The Trojan, which Webroot named Trojan-PWS-Nslog, modified a core Firefox file — nsLoginManagerPrompter.js — to make the web browser automatically save users' login credentials without asking their consent. It also took information from Internet Explorer's password storage area, along with the Windows Registry. The web server that the Trojan sent its data to is no longer active, according to Webroot.

Upon analysing the Trojan's source code, Webroot found that it contained the creator's name and email address. With this, they were able to track the creator to a message board, where it became apparent that he had distributed the Trojan as a free download. Webroot eventually found his Facebook profile, and discovered that he was based in Kiraj, Iran.

Though Webroot and other antivirus companies can detect and remove the Trojan, they cannot fix the modified file, Webroot said. However, downloading a new Firefox installer will, during the installation process, naturally overwrite the modified file.
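Because cleanup leaves the altered file in place, a defender can check whether nsLoginManagerPrompter.js still matches a clean copy. The following is an added example, not code from Webroot or the original article. It assumes a reference directory holding an unmodified copy of the same Firefox version (for instance, one unpacked from a fresh installer); the function names and the `components` directory in the demo are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

TARGET = "nsLoginManagerPrompter.js"  # file named in the article


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_component(installed_root, reference_root, name=TARGET):
    """Compare every copy of `name` under installed_root with the file at the
    same relative path under reference_root (a clean copy, same version)."""
    installed_root, reference_root = Path(installed_root), Path(reference_root)
    results = []
    for inst in sorted(installed_root.rglob(name)):
        rel = inst.relative_to(installed_root)
        ref = reference_root / rel
        if not ref.is_file():
            status = "no-reference"   # nothing to compare against
        elif sha256_of(inst) == sha256_of(ref):
            status = "ok"
        else:
            status = "modified"       # differs from the clean copy
        results.append((rel.as_posix(), status))
    return results or [(name, "missing")]


def demo():
    """Constructed sample trees; 'components' is an assumed directory name."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, installed = Path(tmp, "clean"), Path(tmp, "installed")
        for root in (clean, installed):
            (root / "components").mkdir(parents=True)
            (root / "components" / TARGET).write_text("// constructed original\n")
        before = check_component(installed, clean)
        # Simulate any change to the file (constructed content, not the Trojan's).
        (installed / "components" / TARGET).write_text("// constructed altered\n")
        after = check_component(installed, clean)
        # Reinstalling overwrites the file, as the article describes.
        shutil.copy2(clean / "components" / TARGET, installed / "components" / TARGET)
        return before, after, check_component(installed, clean)
```

A "modified" result only means the file differs from the reference, so the comparison is meaningful only when both trees are the same Firefox version.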

Neither Microsoft nor the Mozilla Foundation had issued Trojan-specific patches at the time of writing.

Jack Clark

Currently a reporter for ZDNet UK, I previously worked as a technology researcher and reporter for a London-based news agency.

Talkback

1 comment
  • I'm assuming this vulnerability only affects Firefox on the Windows operating system? From the sounds of it, it's an executable, which should fail to run on a Linux operating system.
    Chris_Clay