|09 Nov 2010||#1|
| || |
Search Hijacker Adds Files to Firefox Profile
In September, I posted an item about a dropper which we call Trojan-Dropper-Headshot. This malware delivers everything including the kitchen sink when it infects your system. It has an absolute ton of payloads, any of which on their own constitute a serious problem. All together, they’re a nightmare.
Among the payloads, we’ve seen this monstrosity drop downloaders (Trojan-Agent-TDSS and Trojan-Downloader-Ncahp, aka Bubnix), adware (Virtumonde, Street-Ads, and Sky-banners), keyloggers (Zbot and LDpinch), clickfraud Trojans (Trojan-Clicker-Vesloruki and at least three other generic clickers), and a Rogue AV called Antivir Solution Pro. So this is one nasty beast that has no qualms about using the shotgun approach to malware infections.
But we also noticed that it has added yet another intriguing installer to its panoply of pests: It’s a small executable named seupd.exe (search engine updater?) that makes two minor (but obnoxious) modifications to Firefox. The result of these modifications changes the behavior of Firefox’s search bar, the small box that lets you send queries directly to search engines, located to the right of the Address Bar.
The modifications are not immediately apparent unless you try to search Google for something, using either the Search Box or the Address Bar: Instead of sending your search to Google, the browser submits search queries to one of six different domains not owned by Google, but which appear to use the Google API to provide results — and, presumably, earn a little ad revenue on the side.
The modifications add a file named user.js to the currently logged-in user’s Firefox profile. The presence of a file by this name is not necessarily an indication of an infection, but in this case, the user.js file contains the instructions that tell the browser where it should submit searches when you have Google set as the default engine to use in the Search Bar’s dropdown menu.
Search Hijacker Adds Files to Firefox Profile « Webroot Threat Blog
|My System Specs|
|Similar help and support threads for2: Search Hijacker Adds Files to Firefox Profile|
|Firefox 21 release adds to Social API, closes security holes||News|
|Like? New Firefox adds Facebook integration||News|
|Gmail adds support for search inside message attachments||News|
|Mozilla Patches 9 Firefox Bugs, Adds Plug-in Crash Protection||News|
|Firefox Profile switcher||Browsers & Mail|
|How would you remove Search Engine Hijacker||System Security|
|Mozilla adds extra Firefox 3.6 beta.||Browsers & Mail|