AfterDawn: Tech news

Trojan forces Firefox to save web passwords

Written by James Delahunty @ 09 Oct 2010 10:37 User comments (16)

Webroot is warning about a change that a Trojan makes to Firefox files, which changes the way the browser handles password information entered in forms on websites. Trojan-PWS-Nslog modifies a file used by Firefox (nsLoginManagerPrompter.js) in such a way that the browser simply saves all entered passwords and no longer prompts the user on whether or not it should.
Computer security firms generally advise against saving passwords in a web browser because they can so easily be retrieved either by a person physically using the browser or by malware installed on the computer. The keylogging Trojan, which copies itself as Kernel.exe to the system32 directory, creates a new user account on the machine in the background (Maestro).

It then retrieves information from the registry and saved passwords from Internet Explorer and Firefox. It attempts to send the stolen information to a server once per minute. The server is now actually offline, but the changes the malware makes to the Firefox browser file are not fixed by removal tools. Instead a user will have to re-install the Firefox browser to write a new copy of the file.



That's not the only interesting thing found with this trojan however. Embedded inside is an interesting string of text you wouldn't expect to see included with malware: "SaLiLoG keylogger server made by Salar Zeynali - Salixem@Gmail.com."

Webroot tracked down Zeynali's Facebook profile, where it says he is from Karaj, Iran. He writes crimeware just for fun. The "crimeware" is a keylogger creation tool he offers as a free download on a message forum he hangs out on. He also likes heavy metal music and sports an emo haircut, by the way.
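One way to check for the file change described in the article, as an added example that is not from Webroot or AfterDawn: compare each installed copy of nsLoginManagerPrompter.js with the same file from a freshly unpacked Firefox of the same version, and flag copies that non-owners can write to. The directory layout and file contents built in `demo()` are constructed, and the write-bit check is only meaningful on POSIX systems.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

TARGET = "nsLoginManagerPrompter.js"  # the file the article says is altered


def sha256_of(path):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit(install_root, clean_root):
    """Return (relative path, status, writable by group/other) per installed copy."""
    install_root, clean_root = Path(install_root), Path(clean_root)
    findings = []
    for installed in sorted(install_root.rglob(TARGET)):
        rel = installed.relative_to(install_root)
        reference = clean_root / rel
        if not reference.is_file():
            status = "no-reference"   # cannot judge without a clean copy
        elif sha256_of(installed) == sha256_of(reference):
            status = "match"
        else:
            status = "MODIFIED"       # reinstalling rewrites the file
        loose = bool(installed.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH))
        findings.append((rel.as_posix(), status, loose))
    return findings


def demo(tampered=True):
    """Build two constructed trees (clean and live) and audit the live one."""
    with tempfile.TemporaryDirectory() as tmp:
        shipped = b"// constructed stand-in for the shipped file\n"
        altered = b"// constructed stand-in for an altered file\n"
        for tree, body in (("clean", shipped), ("live", altered if tampered else shipped)):
            folder = Path(tmp, tree, "components")
            folder.mkdir(parents=True)
            (folder / TARGET).write_bytes(body)
            os.chmod(folder / TARGET, 0o644)  # owner-writable only (rw-r--r--)
        return audit(Path(tmp, "live"), Path(tmp, "clean"))


if __name__ == "__main__":
    for row in demo():
        print(row)
```

A `MODIFIED` result only says the file differs from the reference, so the reference must come from the same Firefox version as the installed copy.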


16 user comments

#1 9.10.2010 22:45

Quote:
"SaLiLoG keylogger server made by Salar Zeynali - Salixem@Gmail.com."
Hahaha, oh wow.

#2 10.10.2010 00:50

LOL. Nice work id10t. Good thing I use linux and use Opera instead of FF.

#3 10.10.2010 07:27

Originally posted by GryphB:
LOL. Nice work id10t. Good thing I use linux and use Opera instead of FF.
Me too. I have this file at:
/usr/lib64/xulrunner-1.9.2/components/nsLoginManagerPrompter.js

And let's see who owns it:
-rw-r--r-- 1 root root

So only root can touch/read/overwrite this file! So unless you're stupid enough to type the password in when an app says it needs root and you don't know why, you can rest assured this file is not tampered and cannot be tampered with, just like everything in /usr, /etc, etc.

#4 10.10.2010 08:28

hahahaha lol

#5 10.10.2010 08:42

Firefox should do away with the option to save passwords altogether.

#6 10.10.2010 09:28

I see nothing wrong with saving passwords in the browser. It saves a lot of time and hassle imo. Besides the only way to get these trojans is by being stupid anyway. If your security measures (and good common sense) aren't enough to combat installing malware to your computer you deserve what you get. Also as far as other people using your passwords, saving passwords to the browser on a public machine is equally stupid.

#7 10.10.2010 14:26

Originally posted by Blessedon:
Firefox should do away with the option to save passwords altogether.
You do know that all browsers give you the option to save passwords, right?

#8 10.10.2010 18:35
lissenup2
Inactive

Originally posted by Ryoohki:
I see nothing wrong with saving passwords in the browser. It saves a lot of time and hassle imo. Besides the only way to get these trojans is by being stupid anyway. If your security measures (and good common sense) aren't enough to combat installing malware to your computer you deserve what you get. Also as far as other people using your passwords, saving passwords to the browser on a public machine is equally stupid.
What??????????????????????????????????????????????

Did you just get a computer and start using it????????????????

Trojans can come from illicit websites and saving your PW is the DUMBEST F'ING THING ANYONE COULD DO. The laziness of not wanting to type your passwords is about as lazy as not wanting to wash your hands after dropping the kids off at the pool.

Your decision making privileges have been officially revoked.

#9 10.10.2010 20:41

Originally posted by lissenup2:
What??????????????????????????????????????????????

Did you just get a computer and start using it????????????????

Trojans can come from illicit websites and saving your PW is the DUMBEST F'ING THING ANYONE COULD DO. The laziness of not wanting to type your passwords is about as lazy as not wanting to wash your hands after dropping the kids off at the pool.

Your decision making privileges have been officially revoked.

I'm afraid you miss the point of a password manager. One of their key purposes is to encourage strong, unique passwords, which are impossible to handle without some sort of password manager (or a photographic memory). Firefox's password manager also has an optional master password that encrypts your passwords so they can't be accessed without the master password.

A keylogger can retrieve your password whether you use a password manager or not. (In fact, it's actually more likely to nail you if you don't use a password manager, since you won't be using keystrokes with a password manager.) If you get a trojan, you're basically screwed either way, so don't get one in the first place.
This message has been edited since its posting. Latest edit was made on 10 Oct 2010 @ 8:42

#10 10.10.2010 21:34

Wait a second; answer me this:
Doesn't Informenter circumvent this Trojan, thus solving the problem?

#11 10.10.2010 22:07

Thanks for this article. It reminded me to check my computer again. And yes. I use the master password w/ FF. Although it can be stubborn to open sometimes. Would use Pclinux or Mint or something else but they get corrupted after updating and before I can learn enough to use them well.

#12 11.10.2010 01:05

Quote:
I'm afraid you miss the point of a password manager. One of their key purposes is to encourage strong, unique passwords, which are impossible to handle without some sort of password manager (or a photographic memory). Firefox's password manager also has an optional master password that encrypts your passwords so they can't be accessed without the master password.

A keylogger can retrieve your password whether you use a password manager or not. (In fact, it's actually more likely to nail you if you don't use a password manager, since you won't be using keystrokes with a password manager.) If you get a trojan, you're basically screwed either way, so don't get one in the first place.
lissenup2's status:
[  ] Untold
[✓] TOLD

#13 12.10.2010 23:54
lissenup2
Inactive

Originally posted by nonoitall:
Originally posted by lissenup2:
What??????????????????????????????????????????????

Did you just get a computer and start using it????????????????

Trojans can come from illicit websites and saving your PW is the DUMBEST F'ING THING ANYONE COULD DO. The laziness of not wanting to type your passwords is about as lazy as not wanting to wash your hands after dropping the kids off at the pool.

Your decision making privileges have been officially revoked.

I'm afraid you miss the point of a password manager. One of their key purposes is to encourage strong, unique passwords, which are impossible to handle without some sort of password manager (or a photographic memory). Firefox's password manager also has an optional master password that encrypts your passwords so they can't be accessed without the master password.

A keylogger can retrieve your password whether you use a password manager or not. (In fact, it's actually more likely to nail you if you don't use a password manager, since you won't be using keystrokes with a password manager.) If you get a trojan, you're basically screwed either way, so don't get one in the first place.
I must say this because I can't believe that this type of hand-holding is still necessary.

A password manager is different from FF "remembering passwords" and I encourage everyone to use a password manager as do I. Password safe is my choice and others use their own.

As for my statement..........it stands........having FF remember your passwords is F'ing GD incomprehensibly stupid and ignorant. Who gives a sh*t about "seeing" them......if your system gets hacked or compromised then someone needs only log into your banking institution or service account and voila, they got what they need.

I feel like you and ROMaster didn't pay any attention to the details or what I was saying and frankly, defending the use of "remembering passwords" is a sign of lack of common sense.

#14 13.10.2010 01:00

Originally posted by lissenup2:
A password manager is different from FF "remembering passwords" and I encourage everyone to use a password manager as do I. Password safe is my choice and others use their own.

As for my statement..........it stands........having FF remember your passwords is F'ing GD incomprehensibly stupid and ignorant. Who gives a sh*t about "seeing" them......if your system gets hacked or compromised then someone needs only log into your banking institution or service account and voila, they got what they need.

I feel like you and ROMaster didn't pay any attention to the details or what I was saying and frankly, defending the use of "remembering passwords" is a sign of lack of common sense.

You're not making a whole lot of sense. Firefox's built-in "remember password" functionality is a password manager. You encourage its usage in one sentence and then discourage it in the next.

#15 13.10.2010 01:40

Quote:
I feel like you and ROMaster didn't pay any attention to the details or what I was saying and frankly, defending the use of "remembering passwords" is a sign of lack of common sense.
Or perhaps the ones without common sense are people who don't take measures to PREVENT their computer's information being compromised in the first place regardless of the manager. Hell I use the password manager myself so I don't have to type it in every bloody time, but I'm secured enough with all my other privacy settings nothing can steal it (at least without me knowing).

Try me, you can't hack me since all the exploitable (i.e. useless) files were removed in the installation.

#16 15.10.2010 23:58

We take precautions anyway but we still do all our financial transactions on Puppy Linux now. If they're that desperate to read my eMails and post on forums using my name... pffft.

