In an article published last Wednesday, Webroot researcher Andrew Brandt explained: 'Before infection, the default installation of Firefox 3.6.10 prompted users after they clicked on the Log In button on a web page, asking if they want to save the login password. After infection, this browser simply saves all login information, and does not prompt the user'.
More specifically, the Trojan adds some code to, and comments out other parts of the code in, Firefox's file called nsLoginManagerPrompter.js, with the result that all passwords are saved without requiring any action from the user.
Follow the trace
With the above in place, the Trojan creates a new account under the name "Maestro" on the infected computer. It then searches for more information in the Registry, in the area called Protected Storage that is used to store IE passwords, and in Firefox's password storage area, and attempts to relay the stolen information every minute.
The website used to receive the stolen information is completely blocked, but the code inside the malware reveals the author's name and email address. This information led Webroot to a hacker site in Iran, which provided a free keylogger tool aimed at Microsoft Windows users.
Webroot can easily identify and remove this Trojan from infected machines. To fix the modified Firefox files, users should download the latest Firefox installer and install it over the existing version. Brandt said that this way, no bookmarks or add-ons will be lost during the installation process.
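One way to check whether nsLoginManagerPrompter.js has been altered before reinstalling, as an added example that is not from Webroot or the original article: compare the installed copy against the same file from a clean download of the same Firefox version unpacked into a separate folder. The function names and the two folder arguments are assumptions made for this sketch.

```python
import hashlib
import sys
from pathlib import Path

# File the article says the Trojan alters; matched by name so that no
# install path has to be assumed.
TARGET_NAME = "nsLoginManagerPrompter.js"


def sha256_of(path):
    """Hash a file in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_to_reference(installed_root, reference_root, name=TARGET_NAME):
    """Return [(relative_path, status)] for each copy of `name`.

    status: "ok", "modified" or "missing" for files in the reference tree,
    "unexpected" for copies that exist only in the installed tree.
    """
    installed_root, reference_root = Path(installed_root), Path(reference_root)
    reference = {p.relative_to(reference_root): p
                 for p in reference_root.rglob(name) if p.is_file()}
    findings = []
    for rel, ref_path in sorted(reference.items()):
        candidate = installed_root / rel
        if not candidate.is_file():
            status = "missing"
        elif sha256_of(candidate) != sha256_of(ref_path):
            status = "modified"
        else:
            status = "ok"
        findings.append((rel.as_posix(), status))
    for p in sorted(installed_root.rglob(name)):
        rel = p.relative_to(installed_root)
        if p.is_file() and rel not in reference:
            findings.append((rel.as_posix(), "unexpected"))
    return findings


if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: script.py <installed Firefox folder> <clean reference folder>
    for rel_path, status in compare_to_reference(sys.argv[1], sys.argv[2]):
        print(f"{status:10} {rel_path}")
```

A "modified" result only means the two copies differ, so the reference must come from the same Firefox version as the installed one.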
How to help Firefox "forget"
According to Net Applications, Mozilla's Firefox browser currently ranks second in web browser market share, with a 23% share in September. The first beta version of Firefox 4 for Android was also released this week.
By default, Firefox will remember the user's password. To turn this feature off, go to the Tools menu and select Options. There, open the Security tab and clear the corresponding check box.