Firefox zero-day under attack at Nobel Peace Prize site

Malicious hackers are exploiting a zero-day vulnerability in Mozilla's Firefox browser to launch drive-by download attacks against visitors to the Nobel Peace Prize website.

According to researchers at Norman ASA, Firefox users who surfed to the site were silently infected with Belmoo, a Windows Trojan that gives the attacker complete control of the machine.

The exploit was successful on Firefox versions 3.5 and 3.6, according to Norman.

Once a drive-by download is successful, Norman said the malware would then attempt to connect to two Internet addresses, both which point to a server in Taiwan.

Mozilla's security response team is investigating the issue, according to a spokesperson.

UPDATE:

Mozilla has now confirmed the zero-day nature of the vulnerability and in-the-wild exploits.  The open-source group describes the issue as "critical" and confirms it affects fully patchedFirefox 3.5 and Firefox 3.6 users.

Users who visited an infected site could have been affected by the malware through the vulnerability. The trojan was initially reported as live on the Nobel Peace Prize site, and that specific site is now being blocked by Firefox’s built-in malware protection. However, the exploit code could still be live on other websites.

Mozilla said it has already diagnosed the issue and is currently developing a fix, which will be pushed out to Firefox users as soon as the fix has been properly tested.

The group urged its users to immediately:

• Disable JavaScript in Firefox.
• Using NoScript Add-on.