Spyware takes aim at Mozilla browsers
Stu Sjouwerman, the founder of anti-spyware vendor Sunbelt Software, said on Tuesday that his company has discovered what it believes is the first spyware to take aim at surfers using Mozilla-based browsers.
Richard Stiennon, the vice president of threat research at Webroot, which also combats spyware, said that this piece of spyware does not target Firefox specifically.
"According to my research team this site does not target Firefox, but it does target Mozilla," said Stiennon. "Only a matter of time now until a Firefox spy is discovered."
Although the spyware is only installed if users agree to a certain download, many users are likely to click through as the download's dialogue box gives no indication of the software's malicious payload, said Sjouwerman.
"It's done in a way that people might not recognise as a normal install, and will work in Firefox," said Sjouwerman. "Ok, it's not a full fledged spyware attack yet, but it definitely shows where it's going."
Graham Cluley, a senior technology consultant at Sophos, said this particular spyware will only work on Mozilla browsers running on Microsoft Windows and does not affect browsers running on Linux.
Experts believe that Mozilla-based browsers such as Firefox have become a greater target for spyware as their market share has rapidly increased over the last six months -- from 2.4 percent in May to 7.4 percent in November, according to Web traffic measurement company OneStat.com. Firefox has said that it is aiming for 10 percent of Web surfers by the end of 2005.
Sjouwerman said that 'stealth spyware' targeted at Firefox is "bound to happen" as hackers are currently working hard trying to find security holes in the open source browser.
"There's a small army of rogue programmers that are tearing Firefox apart," said Sjouwerman.
But Cluley said he is not sure what type of spyware will target Firefox.
"It's hard to predict precisely what form spyware for Firefox may take, as it will depend in part on what security flaws may be found in the Firefox code in the future and how quickly the community responds to patch those vulnerabilities," said Cluley.
David McGuinness, a Mozilla contributor, said Firefox provides protection against installing software from all sites apart from update.mozilla.org by displaying a yellow information bar if a site tries to automatically install code on the user's PC. But he warned that it will be more difficult to protect users against a stealth install.
"It all boils down to user education. People can install applications with variable amounts of effort from all browsers, it's the stealth attacks that are the problem where people get infected without running anything themselves," said McGuinness. "Fortunately Firefox has a better record on this than Microsoft has."