We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Trojan forces Firefox to save passwords

Creates a new user account on infected PCs

A new Trojan, which forces the Firefox web browser to save user passwords and then uses them to create a new user account on the infected PC, has been identified.

Most security researchers recommend that users tell Firefox not to remember their passwords, since saved ones are so easily extracted by malware. The Trojan-PWS-Nslog malware discovered by security company Webroot, however, gets around user preferences altogether by actually deactivating the Firefox code that asks if it should save those passwords when the user logs into a secure site.

"Before the infection, a default installation of Firefox 3.6.10 would prompt the user after the user clicks the Log In button on a web page, asking whether he or she wants to save the password," Webroot researcher Andrew Brandt explained in a blog.

"After the infection, the browser simply saves all login credentials locally, and doesn't prompt the user."

Specifically, the Trojan adds a few lines of code and 'comments out' other portions of code from the Firefox file called nsLoginManagerPrompter.js, with the result that all passwords get saved locally without any input from the user.

With that information, the Trojan creates a new account under the name 'Maestro' on the infected computer. It then "scrapes information from the Registry, from the so-called Protected Storage area used by IE to store passwords, and from Firefox's own password storage, and tries to pass the stolen information onward, once per minute," Brandt added.

The web domain intended to receive the stolen data has already been shut down, but code inside the malware revealed the author's name and email address, which led Webroot to a Facebook page for a hacker based in Iran who provides a free keylogger creator tool targeting users of Microsoft Windows. Webroot can easily identify and remove the Trojan from infected machines, it says. To fix the modified Firefox file, users should download the latest Firefox installer and install it over the existing installation. No bookmarks or add-ons will be lost in the process, Brandt said.

How to make Firefox forget
By default, Firefox does remember passwords.

To tell it not to, go to the Tools menu and select Options. From there, open the Security tab and uncheck the appropriate box, Webroot advises.

Mozilla's Firefox ranks second in global browser market share, according to Net Applications, with 23 percent of the browser market in September. The first beta release of Firefox 4 for Android phones just debuted this week.

See also: The 8 best privacy downloads for Firefox


IDG UK Sites

New Amazon Kindle Fire HD6 and Fire HD7: Release date, price and specs

IDG UK Sites

Why local multiplayer gaming is rapidly vanishing: we look at the demise of split-screen and LAN...

IDG UK Sites

How to successfully bridge the gap between clients and creatives

IDG UK Sites

How to update your iPhone or iPad to iOS 8: including how to install iOS 8 if you don't have room