We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Trojan forces Firefox to save passwords

Creates a new user account on infected PCs

A new Trojan, which forces the Firefox web browser to save user passwords and then uses them to create a new user account on the infected PC, has been identified.

Most security researchers recommend that users tell Firefox not to remember their passwords, since saved ones are so easily extracted by malware. The Trojan-PWS-Nslog malware discovered by security company Webroot, however, gets around user preferences altogether by actually deactivating the Firefox code that asks if it should save those passwords when the user logs into a secure site.

"Before the infection, a default installation of Firefox 3.6.10 would prompt the user after the user clicks the Log In button on a web page, asking whether he or she wants to save the password," Webroot researcher Andrew Brandt explained in a blog.

"After the infection, the browser simply saves all login credentials locally, and doesn't prompt the user."

Specifically, the Trojan adds a few lines of code and 'comments out' other portions of code from the Firefox file called nsLoginManagerPrompter.js, with the result that all passwords get saved locally without any input from the user.

With that information, the Trojan creates a new account under the name 'Maestro' on the infected computer. It then "scrapes information from the Registry, from the so-called Protected Storage area used by IE to store passwords, and from Firefox's own password storage, and tries to pass the stolen information onward, once per minute," Brandt added.

The web domain intended to receive the stolen data has already been shut down, but code inside the malware revealed the author's name and email address, which led Webroot to a Facebook page for a hacker based in Iran who provides a free keylogger creator tool targeting users of Microsoft Windows. Webroot can easily identify and remove the Trojan from infected machines, it says. To fix the modified Firefox file, users should download the latest Firefox installer and install it over the existing installation. No bookmarks or add-ons will be lost in the process, Brandt said.

How to make Firefox forget
By default, Firefox does remember passwords.

To tell it not to, go to the Tools menu and select Options. From there, open the Security tab and uncheck the appropriate box, Webroot advises.

Mozilla's Firefox ranks second in global browser market share, according to Net Applications, with 23 percent of the browser market in September. The first beta release of Firefox 4 for Android phones just debuted this week.

See also: The 8 best privacy downloads for Firefox


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

Chromebooks: ready for the prime time (but not for everybody)

IDG UK Sites

Hands-on with Sony's latest smartglasses

IDG UK Sites

Apple TV expert tips: get US Apple TV content, watch Google Play, use multiple Apple IDs and more