This document summarizes how malware can steal sensitive web information by exploiting Firefox vulnerabilities. It discusses how a malicious Firefox extension could intercept HTTP requests and parse them to retrieve the usernames, passwords, and credit card numbers a user enters on various websites. The malware would collect these secrets into a list and send the list over the internet. The document then describes some ways such a malicious extension could install itself in a victim's Firefox browser without their knowledge, including exploiting vulnerabilities in other software or in the extension upgrade process. It warns users to install extensions only from trusted sources and to monitor their browser for unusual behavior.
5. Let's meet John
- Uses the internet for social networking, for example Facebook, Orkut, MySpace etc.
- Uses email for professional as well as personal communication, for example Gmail, Yahoo or corporate webmail.
- Uses the internet for his credit card transactions, for example Citibank, ICICI Bank, HSBC etc.
- Uses internet banking for managing his day-to-day finance activity.
- Blogs on the internet for professional as well as personal purposes.
6. John's online world
Problem statement: how to retrieve the values of elements like username, password, credit card number, IPIN etc. for a particular web resource (Gmail, Yahoo, banking website etc.)
7. Malware - Architecture
Our malware is nothing but a malicious Firefox extension.
- Target List
- Secret List
- Secret Collector Engine
- Communicator Module
10. Malware - Target List
Set of websites we want to steal secrets for.
- URL: https://www.google.com/Auth
- Number of attributes: 2
- Attribute names: Email, Passwd
11. Malware - Secret List
Set of collected secrets.
- URL: https://www.google.com/Auth
- Number of attributes: 2
- Name: Email, Value: john@gmail.com
- Name: Passwd, Value: helloworld
17. Attack Flow
Diagram labels:
- Facebook extension update server
- Attacker's update server, hosting the malicious extension
- John's Firefox (FF) running the Facebook extension
- Hacker running the master server
- X, Y
- Untrusted public network
Messages shown in the diagram:
- "What is the IP of the update server?"
- "Update server is at Y"
- Fetches target lists
- Sends collected secrets
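In the attack flow above, the browser on an untrusted network is told that the update server is at Y. As an added example (not from the original slides), the following JavaScript audits a parsed extension `manifest.json` for where the extension fetches its updates, using the WebExtensions `update_url` key under `browser_specific_settings.gecko` (legacy `applications.gecko`). The trusted-host list, the verdict names and the sample manifests are constructed assumptions.

```javascript
"use strict";
// Added example. Assumption: local policy lists the accepted update hosts.
const TRUSTED_UPDATE_HOSTS = new Set(["updates.example.com"]);

// Returns {name, verdict, reason} for one parsed manifest.json object.
function auditUpdateChannel(manifest) {
  const gecko =
    (manifest.browser_specific_settings || manifest.applications || {}).gecko || {};
  const name = manifest.name || "(unnamed)";
  if (!gecko.update_url) {
    // Without update_url the extension does not name its own update server.
    return { name, verdict: "ok", reason: "no update_url (default channel)" };
  }
  let url;
  try {
    url = new URL(gecko.update_url);
  } catch (err) {
    return { name, verdict: "flag", reason: "unparseable update_url" };
  }
  if (url.protocol !== "https:") {
    // Over plain HTTP, whoever answers for this host can serve the update.
    return { name, verdict: "flag", reason: "update_url is not HTTPS" };
  }
  if (!TRUSTED_UPDATE_HOSTS.has(url.hostname)) {
    return { name, verdict: "review", reason: "self-hosted updates: " + url.hostname };
  }
  return { name, verdict: "ok", reason: "trusted HTTPS update host" };
}

// Constructed sample manifests (not taken from any real extension).
const SAMPLE_MANIFESTS = [
  { name: "store-listed", version: "1.0" },
  { name: "plain-http", applications: { gecko: { update_url: "http://updates.example.com/u.json" } } },
  { name: "unknown-host", browser_specific_settings: { gecko: { update_url: "https://cdn.example.net/u.json" } } },
  { name: "pinned-host", browser_specific_settings: { gecko: { update_url: "https://updates.example.com/u.json" } } },
];

function auditAll(manifests) {
  return manifests.map(auditUpdateChannel);
}

for (const r of auditAll(SAMPLE_MANIFESTS)) {
  console.log(`${r.verdict.padEnd(6)} ${r.name}: ${r.reason}`);
}
```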