  1. #1
    Just Joined!
    Join Date
    Mar 2008
    Posts
    7

    Firefox - banking details ......


    Firefox Users Beware of New Malware | TechJaws

    From the report ….

    SYMPTOMS:
    Presence of the:
    “%ProgramFiles%\Mozilla Firefox\plugins\npbasic.dll”
    “%ProgramFiles%\Mozilla Firefox\chrome\chrome\content\browser.js”
    files in the Mozilla Firefox’s plugins and chrome folders.

    TECHNICAL DESCRIPTION:
    It drops an executable file (which is a Firefox 3 plugin) and a JavaScript file (detected by Bitdefender as: Trojan.PWS.ChromeInject.A) into the Firefox plugins and chrome folders respectively.

    Checks may be needed to see if a similar version of the code can run in Linux ….

    Will the following files run in Linux?
    (using wine? will a .dll run in Linux !!!)
    Can the virus work without the .dll running?

    Is there another version that works within Linux?

    Does anybody know if it has been checked out yet?

    It's very worrying .....

    Thanks for any help in advance ......

  2. #2
    Linux Guru bigtomrodney's Avatar
    Join Date
    Nov 2004
    Location
    Ireland
    Posts
    6,133
    Generally the .dll extension is 'dynamic link library' and is native to Windows. I can't say for sure but I'd imagine that it'd need to be coded again for Linux if it is using this format of plugin for Firefox. The js/javascript file would work but I don't think it would be any use without the dll.

  3. #3
    Just Joined!
    Join Date
    Mar 2008
    Posts
    7
    Quote Originally Posted by bigtomrodney View Post
    Generally the .dll extension is 'dynamic link library' and is native to Windows. I can't say for sure but I'd imagine that it'd need to be coded again for Linux if it is using this format of plugin for Firefox. The js/javascript file would work but I don't think it would be any use without the dll.
    The thing I am worried about is exactly what you have said ......

    How would we know or better still check to see if there was another file running doing the same thing as the .dll ................

    Thanks for the quick response ....

  5. #4
    Linux Guru bigtomrodney's Avatar
    Join Date
    Nov 2004
    Location
    Ireland
    Posts
    6,133
    Thanks to file permissions in Linux I don't think it would work even if they built a library for Linux. I can't say for sure as I don't know how this one works but I'm not worrying too much about it. Just check your plugins in Firefox and make sure they are ones that you installed or that come with Firefox/your distro.

  6. #5
    Linux Guru Jonathan183's Avatar
    Join Date
    Oct 2007
    Posts
    3,043
    Quote Originally Posted by bigtomrodney View Post
    I can't say for sure but I'd imagine that it'd need to be coded again for Linux if it is using this format of plugin for Firefox. The js/javascript file would work but I don't think it would be any use without the dll.
    What would be the best method of protection against future exploits which may not require the dll to function ?

    Online banking sites seem to use java as do various online shopping sites (which also tend to use flash as well).

    Would a separate user account for banking & online payment help?
    What about removal and reinstall of firefox and plugins on a regular basis?
    Using a live CD for banking is another option ... but that means previous exploits are still available?

  7. #6
    Just Joined!
    Join Date
    Mar 2008
    Posts
    7

    Solution Accepted ........

    Quote Originally Posted by Jonathan183 View Post
    Would a separate user account for banking & online payment help?
    What about removal and reinstall of firefox and plugins on a regular basis?
    Using a live CD for banking is another option ... but that means previous exploits are still available?
    Thanks for the replies .... feeling more confident all the time and glad I changed to Linux ....

    To the Quote ...
    This to me seems a brilliant idea ....

    Add a separate user account .... With minimal user rights - plus Firefox - no addons .... great solution.

    Just use this account for online banking ..... nothing else ..... with a very long password too.

    (Not keen on removing and re-installing firefox ...... even the download could be attacked)

    (Live CD similar - unless you get it direct from a bank with a guarantee - that you will be re-funded if someone still manages to get your account details)

    Barclays have a good idea too - you need a third (extra code) .... only it's created with an external device. To access your account.

    Great Answers ....... new user account is the way .... with minimal rights and a stripped down firefox running in it ................. or another browser you prefer to use for that matter .... as long as it is regarded as safe .........

  8. #7
    Just Joined!
    Join Date
    Dec 2008
    Posts
    2
    a few more thoughts about browsing safely...

    - use the Firefox plug-in "noscript". It is amazing and will block all javascript and flash until you specifically enable it for a host.
    - and together with "ad block", you will suddenly never again see ads on forums, etc.

    Investigate alternative browsers to firefox (search for lightweight browser)...
    - opera is popular but I'm unsure of its security features
    - lynx and elinks (?) are text based browsers but may not be able to render java
    - there's also evince (?) which can do some java but not all
    - kde (& kubuntu) have konqueror but again you will need to research its security

    So... you can research the above browsers and possibly dedicate a username and browser combination on your system which will provide the best possible defense against hostile web browsing.

    Chris

  9. #8
    Linux Guru Jonathan183's Avatar
    Join Date
    Oct 2007
    Posts
    3,043
    Chris ... some interesting suggestions ...

    My current solution to this problem ...
    separate install with minimum installed (xorg,fluxbox,guarddog,firefox,rkhunter) patched on a regular basis with updates.
    Run noscript in firefox (not running adblock as I don't think this will improve security & introduces another exploit path).
    Really good password for user who can sudo to update system only. Root account has a really good password also ... considering locking root account.
    Access control set for local login only (/etc/security/access.conf), ssh server not installed.
    I think that's about as good as I can manage at the moment (as I learn more about Linux I may change to lock things down further) ... and is probably at least as strong as the bank end of things.

    I ruled out konqueror on the basis it has far too much functionality in addition to being a web browser ...
    I'd consider something like links but I'm pretty sure it won't work with the bank websites ... and I might struggle to get others to use it

    I considered a separate user account on my main distro but decided I probably was not clever enough to keep this clean of all potential exploits. It also had the weakness of having packages installed which don't need to be (for the online banking task).

    If you can spot obvious flaws in my approach which compromise security then please let me know.
    My own list for future improvements ... probably next time I reinstall are:-
    lock root account (considering doing this for current install also)
    set own firewall rules rather than relying on guarddog (but need to play trying to break in from another box)
    startx only to run firefox so fluxbox not required.

  10. #9
    Just Joined!
    Join Date
    Dec 2008
    Posts
    2
    The only other thing I could think of to add to your security would be to "chroot jail" that special web browsing user, so they can't even get "up" from their home folder.

    Then there's the whole system file monitoring daemon. I forget what it is called, but had to install one once ... it does a snapshot of your system files, archives them, and then will occasionally scan them for changes.

    And to protect your system from yourself, people should use version control on all files they edit. *I* don't even do that, but it's a great way to not completely trash a server... and is something I would do if I were being paid to run a web host.

    Chris
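
Added example (not part of any poster's message): the snapshot-then-rescan idea from post #9, applied to a Firefox-style `plugins`/`chrome` tree like the one post #1 names. It assumes GNU `sha256sum` and a POSIX `awk`; the function names and the temporary directory layout are constructed for illustration.

```shell
#!/bin/sh
# Baseline-and-compare integrity check for a directory tree.
# Assumes GNU coreutils (sha256sum) and a POSIX awk.

# snapshot DIR MANIFEST: write "<sha256>  ./relative/path" for every regular file.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$2"
}

# compare BASELINE CURRENT: print ADDED/CHANGED/REMOVED lines, sorted.
compare() {
    awk '
        { hash = $1; path = substr($0, length($1) + 3) }  # skip hash + 2 spaces
        FILENAME == ARGV[1] { base[path] = hash; next }   # load the baseline
        !(path in base)     { print "ADDED " path; next }
        base[path] != hash  { print "CHANGED " path }
        { delete base[path] }                             # seen, so not removed
        END { for (p in base) print "REMOVED " p }
    ' "$1" "$2" | sort
}

# demo: constructed stand-in for a Firefox install directory (not real paths).
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/ff/plugins" "$work/ff/chrome"
    echo "flash"  > "$work/ff/plugins/libflashplayer.so"
    echo "chrome" > "$work/ff/chrome/browser.js"
    echo "old"    > "$work/ff/plugins/libold.so"
    snapshot "$work/ff" "$work/baseline.txt"

    echo "dropped"  > "$work/ff/plugins/libunknown.so"   # new plugin appears
    echo "injected" >> "$work/ff/chrome/browser.js"      # existing file edited
    rm "$work/ff/plugins/libold.so"                      # file disappears
    snapshot "$work/ff" "$work/current.txt"

    compare "$work/baseline.txt" "$work/current.txt"
    rm -rf "$work"
}

demo
```

On a real system, point `snapshot` at the Firefox install and profile directories and keep the baseline manifest somewhere the browsing user cannot write.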

  11. #10
    Just Joined!
    Join Date
    Jun 2006
    Posts
    15
    If you are doing an online transaction it is better to use a browser without any add-ons. Also it is better to open only that website at that time. Don't open a malicious website on another tab. Close the browser after you are done with the transaction.
