Tag Archives | malware

DontPhishMe

DontPhishMe is an Anti-Phishing add-on for Mozilla Firefox which utilizes the pattern matching techniques to provide anyone with information and notification to protect them against online banking phishing website.

Continue Reading →

Flagfox Delivers More URL Snooping Tools

Flagfox Add-on for FirefoxYou know, from an add-on called, Flagfox – I do not really expect much.  So it shows a country flag depicting the location of the current website’s server location.  That is neat and all, but not really helping me become a more functional website browser.  What you might not know though is there is more to this simple add-on that just flags.

Continue Reading →

New Unpatched Firefox Flaw

There is a new unpatched memory corruption flaw in the latest version of Firefox.  What this means is that hackers could drop malware onto vulnerable systems.

Chances are this will be fixed sooner, rather than later – here is a little more about the story from The Register:

Security notification firm Secunia reports that the security bug (which it describes as extremely critical) stems from errors in handling JavaScript code. The flaw has been confirmed in the latest 3.5 version of Firefox, released in late June.

Older versions of the popular alternative browser might also be affected, Secunia warns.

Exploit code has been uploaded onto recently revived security exploit website milw0rm, a factor that could hasten the development of more attack code.

Secunia advises Firefox users to avoid browsing untrusted websites or following untrusted links pending the availability of a fix from Mozilla (there’s nothing in the pipeline just yet).

Best advice I can give to you is to browse safely, don’t go to web sites you don’t trust, and be sure to keep your security programs up to date.

UPDATE:

Found this via Mashable:

Until Mozilla addresses this vulnerability, here’s a temporary fix: Type about:config in Firefox address bar, and set “javascript.options.jit.content” to “false.”

So there is your fix for now.  Thanks to everybody who sent this in!

UPDATE #2:

This problem was fixed in Firefox 3.5.1, so the above hack from Mashable is no longer needed.  To check for updates, be sure to go to Help > “Check for Updates…” in Firefox.

One on One with CEO of Web of Trust

web-of-trust-interview

If I named ten extensions I am the biggest fan of, WOT Web of Trust would be on that exclusive list.

Why?  They provide a great service to the public, helping organize the public to alert itself about risky web site.  The real power in WOT isn’t the tools, it is the users.  It is the perfect mash up of the right tools, at the right time.  Anything that is simple to use, and makes users more aware of the risks around them is a good thing.  With that said, I wanted to talk a little more about the service with one of the people behind the magic, Esa Suurio, the CEO of Web of Trust.

What was the main inspiration behind the WOT Web of Trust add-on for Firefox?

Esa: The company was founded in 2006 by two postgraduate students, Timo Ala-Kleemola and Sami Tolvanen, both M.Sc. in Electrical Engineering. Timo and Sami graduated from Tampere University of Technology (Finland) where they had met and studied together.  Sami got the idea while researching reputation systems for his doctoral thesis. He originally planned on using it as a part of an Internet messaging system, but decided to try if it would work for websites too, and it did.

The guys put WOT on the Internet and it started to grow without any marketing, which clearly tells that there is a need for this kind of service.

Where did the name, Web of Trust, come from?

Esa: The name highlights that we are a people-driven service. The nature of Internet is open. No single authority can decide what is good and what is bad – neither has the resources to do so. We wanted to create a common platform for people to share their experience on websites and the services they offer. If unreliable sites were known to people, their lives would be short-lived.

There is no doubt that community is the most important part of your service.  What advice would you have to other add-ons or business looking to build a community around their own product?

Esa: We truly are a community-driven service. For example, when we develop our software, we ask our users what new functions they would like to have added. We read very carefully all the feedback we get from our users and use it as our guideline when we develop Web of Trust further. In our case it’s “product around the community” and not vice versa. The community members need to see that the systems gives them real value – I think that’s what make some communities grow.

We value our members and their contribution – for example, we just gave out Web of Trust Publicity Awards 2008 for users who have helped us to spread the word about WOT.

I’ll say in my personal opinion, I was happy to see you guys come along after an add-on that might be in the same category, SiteAdvisor, kind of got a lot worse after being picked up by McAfee. What is Web of Trust doing to make sure they don’t get too watered down?

Esa: SiteAdvisor is a great service and they are fighting on the same side with us. What makes Web of Trust different is the fact that our website ratings are based mainly on ratings coming from our users. This enables us to be faster and more accurate than computerized testing services. Internet fraud can often be only detected by a human person. Lets take an example: One of the latest trend of security threats against Internet users employs software products which pretend to be security tools that help you remove spyware or viruses. These fake anti-malware products scare users by giving false alarms and then try to deceive users into paying for removal of non-existing malware.

When these threats started to emerge last year, WOT was the first system to warn users about them, thanks to our active users who rated these sites. The quality of WOT website ratings has improved as our community has grown, so we definitely are on the right track.

Are you guys working on any spin-off or side projects right now or is your main focus still on Web of Trust.

Web of Trust is our main focus. There is so much to do. We are certainly not going to stop here – the journey has just begun.

Watch Out for the Trojan Greasemonkey!

943948800 Are the badware baddies trying to target a new audience?

Got this e-mailed in from a reader, so wanted to spread the word.  Can never be too careful these days.

BitDefender has identified this new bit of holiday cheer as Trojan.PWS.ChromeInject.A” (the ChromeInject suffix refers to the Chrome component of Firefox). The trojan installs itself into Firefox’s add-on directory, registers itself as Greasemonkey, and begins searching your hard drive for passwords, login details, your World of WarCraft account information, and your library card number.

You can read more about the situation over at ars technicaThe real Greasemonkey is still malware-free and is totally safe to use. This trojan in question isn’t even the Greasemonkey script.  It just calls itself that to try to trick you down download it.  This seems to be a pretty stupid move from the trojan writers though, due to the fact that Firefox users who use Greasemoney (I would say) have a little higher Internet intelligence than your average punch a monkey to win a iPod person.

Greasemonkey Help Need Help? Be sure to check out the Beginner’s Guide to Greasemonkey!

Firefox 3.0 May Block Suspicious Sites

StopWill Firefox start telling you where you can or can not go? Where are my freedoms?! I can already smell some of the outrage that might be building over Firefox 3 blocking Web sites that try to install back stuff onto your computer. Personally I think it is a good thing after reading through this article from Computer World.

Here is the most interesting sample from the article in question.

“Similar to how Firefox 2 blocks Web sites that are potentially going to try to steal your personal information, Firefox 3 will block Web sites that we believe are going to try to install malicious programs on your computer,” said Alex Faaborg, a user experience designer in a blog entry last week. “Mozilla is coordinating with Google on this feature.”

So is it Firefox’s place to tell you where to go and where not to go? I think so. I think this is Mozilla trying to be proactive instead of being reactive.