Firefox users better be on the lookout for an extension disguising itself as the legitimate Numbered Links extension. There is a modified version making its way around that, once installed, will watch for users to type private information like passwords or credit card numbers.
Most people will not have to worry about this but users are being infected by installing a third-party software called Downloader-AXM. That is a trojan virus that is spread through the following email:
From: billing support [mailto:info@walmart.com]
Subject: Your order information WC2905036Dear Sir/Madam,
Thank you for shopping with our internet shop. Your order, WC2905036,
has been received. Summary of your order you can see in the attachment
file.
This email is to confirm the receipt of your order. Please do not reply
as this email was sent from our automated confirmation system.
Please Note: There is no need to re-send your request or call our
customer service department for status or tracking number, this will
only delay our response time to you. Rest assured, we are making every
effort to process and ship your order within 1 to 2 business days. We
appreciate your understanding and patience and do value your business.
Once your order has been processed and shipped a FEDEX Tracking number
will be automatically emailed to the address provided.
Please Note: Tracking information will be available in FedEx’s system
only after 10pm EST Monday thru Friday. If you receive a tracking number
on Sunday, you will be able to track it Monday evening after 10pm EST.
All orders placed including 1-2 or 2-3 business day options are shipped
within 48 hours providing the merchandise is in stock.
All FedEx Ground orders will take 7-10 business days to arrive.
Some packages may require a signature upon delivery. These packages will
not be left without a signature. For your convenience, we will email you
a FedEx tracking number on all successfully processed and shipped
orders.
All Plasma TVs, DVD players, Scanners, Fax Machines, Receivers, Home
Theater, and Printers are not returnable after box is opened.
To insure the best handling of your order please allow 24-48 business
hours for the processing and the shipping of your order. Thank you for
your cooperation.
We hope you enjoy your order! Thank you for shopping with us!Attachment: wc2905036.exe
For more information on the modified extension visit McAfee’s site or read more about it on TechWeb.
To install it, you have to run IE first….it uses an IE exploit to directly write the files into the Firefox profile. So it’s not a Firefox security flaw at all.
Just for a little more clarification for you about this.
“The FormSpy trojan does not use any Firefox security flaws to infect computers. Instead, it is downloaded and installed automatically by a piece of Windows malware known as Downloader-AXM, which exists solely for the purpose of surreptitiously downloading and running trojan horses. Once downloaded by Downloader-AXM, FormSpy installs itself in Firefox by directly modifying Firefox user profile files, completely bypassing the standard Firefox extension installation mechanism (and warning messages).”
from [mozillazine.org]