Browser Bot Infection
What happens when your web browser becomes the "bot"? A current Trojan infection campaign, similar to the infamous Zeus malware, is making open source web browser users a bit nervous.
The open source browser can now function like a bot and accept commands. It can process the content of the currently loaded page, redirect the user, halt the loading of particular pages, steal passwords, run executables, and even kill itself.
Unfortunately, the kill function is a bit excessive and deletes critical system files, which in turn prevents users from logging in properly.
The way it builds the malicious code into the open source browser is notable, because it uses the design of the browser against itself. In the past, researchers have seen threats create malicious extensions. Users would have to disable that particular add-on, which would eradicate the threat.
For this particular piece of malware, this is not the case. Since it is a component, it does not appear in the browser's Add-ons Manager the way other extensions and plugins do. Furthermore, due to the design of the open source browser, the Trojan will be reinstalled every time the browser establishes a connection to the Internet.
HTML Attachments Used to Spread Malware
In the last month, security researchers have observed several large spam campaigns with malicious HTML attachments. A 2007 botnet is believed to be behind the spike in these attacks.
The exploit kit will then scan the target machine for vulnerabilities that can be exploited to install an information-stealing Trojan.