Comments for TrustDefender Labs http://www.trustdefender.com/blog Technical Updates from the TrustDefender Labs Tue, 06 Jan 2009 01:44:16 +0000 http://wordpress.org/?v=2.7 hourly 1 Comment on Firefox Malware - ChromeInject - the honeymoon is over by hypatia dot ca » 25C3 Day 2 http://www.trustdefender.com/blog/2008/12/06/firefox-malware-chromeinject-the-honeymoon-is-over/comment-page-1/#comment-84 hypatia dot ca » 25C3 Day 2 Sat, 03 Jan 2009 01:31:26 +0000 http://www.trustdefender.com/blog/?p=48#comment-84 [...] a drive-by-installer targeting users of the Greasemonkey plugin.  There’s more on it here; it wasn’t covered at all in the talk, and it no longer [...] [...] a drive-by-installer targeting users of the Greasemonkey plugin.  There’s more on it here; it wasn’t covered at all in the talk, and it no longer [...]

]]> Comment on Firefox Malware - ChromeInject - the honeymoon is over by Odette http://www.trustdefender.com/blog/2008/12/06/firefox-malware-chromeinject-the-honeymoon-is-over/comment-page-1/#comment-82 Odette Thu, 25 Dec 2008 03:46:53 +0000 http://www.trustdefender.com/blog/?p=48#comment-82 Just stopped by, nice blog! Just stopped by, nice blog!

]]> Comment on Firefox Malware - ChromeInject - the honeymoon is over by Thierry Zoller http://www.trustdefender.com/blog/2008/12/06/firefox-malware-chromeinject-the-honeymoon-is-over/comment-page-1/#comment-61 Thierry Zoller Wed, 10 Dec 2008 19:01:31 +0000 http://www.trustdefender.com/blog/?p=48#comment-61 It is known for years that you can silently install Firefox extensions: POC from 2006 http://secdev.zoller.lu/firespy.htm They also don't plan to do much abou it : https://bugzilla.mozilla.org/show_bug.cgi?id=442153 It is known for years that you can silently install Firefox extensions:
POC from 2006
http://secdev.zoller.lu/firespy.htm

They also don’t plan to do much abou it :
https://bugzilla.mozilla.org/show_bug.cgi?id=442153

]]> Comment on Firefox Malware - ChromeInject - the honeymoon is over by Ant » Blog Archive » Firefox malware: Trojan.PWS.ChromeInject.A/B http://www.trustdefender.com/blog/2008/12/06/firefox-malware-chromeinject-the-honeymoon-is-over/comment-page-1/#comment-59 Ant » Blog Archive » Firefox malware: Trojan.PWS.ChromeInject.A/B Wed, 10 Dec 2008 06:35:09 +0000 http://www.trustdefender.com/blog/?p=48#comment-59 [...] TrustDefender Labs 的實際樣本測試報告中,這個程式雖然是以 plugins [...] [...] TrustDefender Labs 的實際樣本測試報告中,這個程式雖然是以 plugins [...]

]]> Comment on Firefox Malware - ChromeInject - the honeymoon is over by meandering wildly » Firefox Malware? http://www.trustdefender.com/blog/2008/12/06/firefox-malware-chromeinject-the-honeymoon-is-over/comment-page-1/#comment-57 meandering wildly » Firefox Malware? Mon, 08 Dec 2008 17:28:33 +0000 http://www.trustdefender.com/blog/?p=48#comment-57 [...] credit to TrustDefender Labs’ blog post on the [...] [...] credit to TrustDefender Labs’ blog post on the [...]

]]> Comment on Recent mutation of Rustock.B - or is it zlob? (rootkit) by Noelani http://www.trustdefender.com/blog/2008/09/25/recent-mutation-of-rustockb-or-is-it-zlob-rootkit/comment-page-1/#comment-27 Noelani Mon, 10 Nov 2008 07:06:53 +0000 http://www.trustdefender.com/blog/?p=21#comment-27 Good post. Good post.

]]> Comment on new mutation of yaludle/silentbanker rootkit in the wild by Daniel Craig http://www.trustdefender.com/blog/2008/10/02/new-mutation-of-yaludlesilentbanker-rootkit-in-the-wild/comment-page-1/#comment-26 Daniel Craig Fri, 31 Oct 2008 04:59:05 +0000 http://www.trustdefender.com/blog/?p=31#comment-26 Hello, I was looking around for a while searching for rootkit and I happened upon this site and your post regarding new mutation of yaludle/silentbanker rootkit in the wild, I will definitely this to my rootkit bookmarks! Hello, I was looking around for a while searching for rootkit and I happened upon this site and your post regarding new mutation of yaludle/silentbanker rootkit in the wild, I will definitely this to my rootkit bookmarks!

]]> Comment on new mutation of yaludle/silentbanker rootkit in the wild by admin http://www.trustdefender.com/blog/2008/10/02/new-mutation-of-yaludlesilentbanker-rootkit-in-the-wild/comment-page-1/#comment-4 admin Thu, 02 Oct 2008 17:56:37 +0000 http://www.trustdefender.com/blog/?p=31#comment-4 @anonymous: well, the problem is that the trojan controls the session and the content you are seeing is NOT from the bank. So in this sense a mutual https authentication does not help much as the form where the confidential information is lost, is not the real deal. @anonymous: well, the problem is that the trojan controls the session and the content you are seeing is NOT from the bank. So in this sense a mutual https authentication does not help much as the form where the confidential information is lost, is not the real deal.

]]> Comment on new mutation of yaludle/silentbanker rootkit in the wild by anonymous http://www.trustdefender.com/blog/2008/10/02/new-mutation-of-yaludlesilentbanker-rootkit-in-the-wild/comment-page-1/#comment-3 anonymous Thu, 02 Oct 2008 15:01:57 +0000 http://www.trustdefender.com/blog/?p=31#comment-3 so, would mutual https authentication thwart this attack? so, would mutual https authentication thwart this attack?

]]>