Critical Firefox Security Zero-Day Under Attack

 
 
By Brian Prince  |  Posted 2010-10-27
 
 
 

A critical Mozilla Firefox zero-day has surfaced in the wild.

According to security researchers, an attack using the bug was spotted Oct. 26, when the vulnerability was seen being exploited to drop malware on unsuspecting visitors to the Nobel Peace Prize Website.  

Researchers at Norman ASA reported that the malware tries to connect to two Internet addresses pointing to a server in Taiwan. If the connection was successful, the attacker would have access to the infected computer, the company reported, warning the Trojan could also be active on other sites.

According to Symantec, the malicious file is dropped to the %Windir%\Temp folder when the exploit code is successfully run as Backdoor.Belmoo.

"Funnily enough, the name of this file is "symantec.exe"," blogged Joji Hamada, senior security researcher at Symantec. "The file attempts to connect to remote domains that are hosted in Taiwan and when successful, it opens a command shell to start a connection. This allows the attacker to send commands and pretty much perform anything on the compromised computer as if s/he is sitting in front of it."

According to Mozilla, the vulnerability affects Firefox versions 3.5 and 3.6. While users wait for a patch, they can either look to the NoScript add-on for a solution or disable JavaScript.

"We have diagnosed the issue and are currently developing a fix, which will be pushed out to Firefox users as soon as the fix has been properly tested," Mozilla said.

*UPDATE: This bug has since been patched. More information is available on the Security Watch blog.

Rocket Fuel