Over the past few months security experts have speculated that we could see new spyware and adware crafted for Mozilla Firefox, an alternative browser which is becoming more popular with users looking to avoid spyware problems previously thought to be exclusive to Microsoft's Internet Explorer (http://internet.newsforge.com/article.pl?sid=05/01/31/2121249). Until now most of this speculation has centered on the potential for security holes in Firefox that could be exploited by spyware and adware creators. But such speculation is arguably misguided. In fact, we already have seen instances of spyware and adware that can be installed through Mozilla Firefox. These cases haven't received much attention, however, largely because researchers have been too focused on security exploits instead of the more run-of-the-mill methods through which spyware and adware are typically delivered to users' desktops: namely, social engineering techniques that spring unwanted software on confused users who aren't careful enough about what they click.

Security Vulnerabilities & Firefox

It is understandable that security exploits have become a primary concern when discussing spyware and adware. Security holes in Internet Explorer have been used with great success to install spyware and adware surreptitiously on PCs without any notice or warning whatsoever to victims. Variants of CoolWebSearch and VX2/Transponder, for example, are notorious for exploiting security holes to "stealth install" on PCs and then wreak havoc. Currently there are credible reports that the "Searchmeup" CoolWebSearch variant is exploiting the "LoadImage" vulnerability that was discovered in December by Chinese researchers and patched in January by Microsoft (http://www.internetnews.com/security/article.php/3487251).

Security researchers are justified in predicting that we could see spyware and adware that is similarly designed to exploit security vulnerabilities in Mozilla Firefox, which recently surpassed 25 million downloads and is becoming ever more popular among users weary of the battle against virulent spyware and adware. The security research firm Secunia reports 11 advisories for Firefox over the past two years, the vast majority after August of 2004 (http://secunia.com/product/4227/%20(Firefox)). The most recent batch of Firefox security vulnerabilities included a flaw that could cause Firefox users to fall victim to phishing schemes (http://www.nwfusion.com/news/2005/0225mozilwarns.html). (Ironically, Microsoft's much maligned Internet Explorer was not affected by this particular vulnerability.) And though these latest security vulnerabilities are fixed in the recently released Firefox version 1.0.1, Secunia notes that Firefox is still affected by three vulnerabilities that are rated "less critical."

So, we have encountered security vulnerabilities in Firefox before. Moreover, it's a fair bet that we'll see even more of them as Firefox becomes more popular among users and starts receiving more attention from hackers. But this focus on security exploits risks distracting us from a potentially more serious problem in Firefox -- namely, the risk that users could be tricked into "consenting" to the installation of software that they don't fully understand, want, or need. If we look at the ways software can be installed in Firefox, we should recognize that this is a very real danger.

