Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Patchy Phisher Forces Firefox to Forego Forgetting Passwords

07 Oct 2010   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
Patchy Phisher Forces Firefox to Forego Forgetting Passwords

Quote:
Every browser can, at the user’s discretion, be set up to remember passwords. In general, Webroot advises most users not to set the browser to store login credentials, because they’re so easily extracted by password-stealing Trojans like Zbot. In Firefox, for example, you can click Tools, Options, then open the Security tab, and uncheck a box that tells the browser to remember passwords entered into Web forms. (The box is checked by default.)

But in the course of taking a more thorough look at a Trojan that came to our attention in July, we were surprised to see the Trojan modify a core Firefox file. Upon closer inspection, the Trojan patches a file named nsLoginManagerPrompter.js. The patch adds a few lines of code (displayed above), and comments-out other portions of code, that dictate whether Firefox prompts the user to save passwords when he or she logs into a secure site.

Before the infection, a default installation of Firefox 3.6.10 would prompt the user after the user clicks the Log In button on a Web page, asking whether he or she wants to save the password. After the infection, the browser simply saves all login credentials locally, and doesn’t prompt the user.

The keylogging Trojan copies itself to the system32 directory with the filename Kernel.exe; drops and registers an old, benign, deprecated ActiveX control called the Microsoft Internet Transfer Control DLL, or msinet.ocx (MD5: 7BEC181A21753498B6BD001C42A42722), which it uses to communicate with its command and control server; then it creates a new user account (username: Maestro) on the infected system.
More -
Patchy Phisher Forces Firefox to Forego Forgetting Passwords « Webroot Threat Blog


My System SpecsSystem Spec
.

07 Oct 2010   #2

 

It's kind of foolish to set up automatic logins anyway.. easiest way to forget important passwords
My System SpecsSystem Spec
Reply

 Patchy Phisher Forces Firefox to Forego Forgetting Passwords




Thread Tools



Similar help and support threads for2: Patchy Phisher Forces Firefox to Forego Forgetting Passwords
Thread Forum
IE9 keeps forgetting usernames, passwords Browsers & Mail
New Firefox Extension Forces HTTPS Sessions on Popular Websites Security News
Colours patchy, (like 16-bit or 256) Hardware & Devices
Chrome Outpaces Firefox and Opera, Forces IE Under 60% Browsers & Mail
Firefox passwords - Trust no one and how it applies. Browsers & Mail
Firefox, W7, And Passwords ? Browsers & Mail
firefox is no longer saving my passwords Browsers & Mail

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 01:54 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33