


New Password-Stealing Trojan hides itself as Firefox Extension

Thursday, July 27th, 2006 | Related entries: Internet, Security

On Tuesday, security company McAfee cautioned users about a new trojan that installs itself as a Firefox extension. McAfee said that it had detected websites linking to a virus known as FormSpy. Once the trojan is loaded on the infected computer, it starts sending personal data entered in the web browser to a malicious site.

McAfee warned: “This information can include, but is not limited to, credit numbers, passwords, e-banking pin numbers” and other sensitive information. The firm said the application is also capable of capturing passwords from ICQ (the “I seek you” program that alerts users to the presence of acquaintances online), FTP (file transfer protocol), IMAP (Internet message access protocol, an e-mail management program) and POP3 (post office protocol, a data format for e-mail) traffic.

In its security advisory, McAfee rates the issue as “low-risk,” and says those with current DAT files would not be vulnerable to infection. The trojan requires another piece of malware, known as “Downloader-AXM,” to work, and McAfee has already added protection against that virus. However, McAfee says it does continue to circulate in the wild.

Websites have been discovered linking to the trojan, which is hosted at the IP address 81.95.xx.xx. It is installed using an exploit for Internet Explorer known as VBS/Psyme. The exploit is detectable through Internet Explorer with VirusScan enabled, and the FormSpy Trojan is detectable through the latest DAT file.

McAfee said, “AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.”
