Mozilla has confirmed that it has disabled a malicious add-on that posed as being from Microsoft.
According to Arstechnica, a Mozilla representative said the malicious add-on named “Microsoft .NET Framework Assistant”, was no longer available.
“This was used by ‘Advanced Power’ as part of its attack. You should always be careful with anything you download. It’s a good idea to use many layers of protection, including anti-virus software to stop malware,” the spokesperson said.
The research was initially done by security blogger Brian Krebs who reported on the Advanced Power botnet that had enslaved more than 12,500 systems and forced infected PCs to scour websites for security vulnerabilities.
He said that the botnet had been in operation since May 2013 and once enslaved, PCs conduct SQL Injection attacks on websites to look for vulnerabilities. Other unused functions allowed it to steal passwords and other sensitive information from infected machines.
“Rather, the purpose of this botnet seems to be using the compromised Windows desktops as a distributed scanning platform for finding exploitable websites. According to the botnet’s administrative panel, more than 12,500 PCs have been infected, and these bots in turn have helped to discover at least 1,800 web pages that are vulnerable to SQL Injection attacks,” he said.
Sean Power, security operations manager at DOSarrest, told IT Security Guru that the plug-in was essentially hiding a vulnerability scanner, but this was by no means a new attack method.
“I’m a little surprised it doesn’t happen more often. This is something people will have to be on the lookout for and be more vigilant about, especially as it can be easily hidden within mobile apps,” he said.
“One should only ever install software from a trusted source. This is not a flaw in Firefox; the reason for targeting Firefox users I expect is because the developers likely had previously experience developing software for Firefox. Users should be just as vigilant when installing software on any platform.”
