Linux Solutions

It seems that those pesky kids are up to know good once more. A band of scam artists have targeted the popular Firefox browser from Mozilla with a Trojan that activates on start-up of the browser and steals any username and passwords a user types in.

The password thieving piece of software is built in to a Firefox plug-in, according to BitDefender, a security firm based in Romania. The Trojan, ChromeInject-A is downloaded onto a Windows PC, that already has malware and spyware issues.

Once the file has burrowed its way on to the users hard drive, it lies in wait until the user opens Firefox. The malicious code looks for data exchanged between an infected machine an a list of pre-programmed banking sites across Europe, America and Australia.

As if you haven’t guessed by now, the virus is of Russian origin. All the stolen details get fed back to a server located in the country.

So far BitDefender say that confirmed incidents of the malware’s success are “very low”, so that attack is not classed as especially serious. It is worth noting however that the concept of this type of virus is very clever indeed. Latching on to the rising popularity of a browser, that allows user built software to be downloaded as a plug-in is novel, and Firefox had best be on high alert – even if this one has had little impact.

Attacks like this are certainly not unheard of. Just two years ago Firefox found itself with a dodgy plug-in that included the malware FormSpy, but it was caught out before any major damage was caused.

In related Firefox news, Amazon – the nets most popular retailer – hailed the arrival of its long awaited MP3 download service, but a group of code monkeys had something else to announce – the arrival of a Firefox plug-in that linked the company to PirateBay.

The Amazon Service sells albums from £3, and individual tracks for just 59p. However the plug-in form the coders allows you to browse the Amazon download store, and then download the songs for free – not including the cost of your connection.

The extension was not deliberate according to the designers:

“We are not affiliated with The Pirate Bay, and do not host or even link to any illegal content,” they wrote.

“This artistic project addresses the topic of current media distribution models vs. current culture and technical possibilities,” the creators said to TorrentFreak.

The plug-in claims to work on all of Amazons products, not just MP3s. The site was down for a period with the message: “The Ship was hit. We’re offline”

Users can use the add-on on any Amazon page, and a ‘download 4 free’ button sits on the toolbar. PirateBay claims to have 25 million peers.