The file attached to the email consists of an executable Windows program, the AXM downloader. Once launched, it fetches the extension from the Internet and records itself directly into the Firefox configuration data, avoiding the regular installation process. Firefox extensions are normally distributed as XPI files, which ask the user for confirmation after forcing a pause of several seconds.
In a blog entry, Geok Meng Ong from McAfee Avert Labs called on users to take extreme caution when installing unsigned Firefox extensions from untrustworthy sources. This well-intended warning was actually off the mark on several points. One the one hand, only very few websites are authorized to install extensions without seeking additional approval. Furthermore there are at the moment virtually no signed extensions for Firefox or Mozilla. And finally, that mechanism would not have protected against this attack. This is because the user, in opening the file attachment and thereby allowing the foreign program to execute on his computer, automatically provides it with his own usage rights.
An effective protection against this attack is simply never to open file attachments that you have not requested. It is also important not to rely on seemly trustworthy 'From:' address fields, since these are easy to forge. When in doubt, confirm the legitimacy of the email with the purported sender in another way, such as by telephone. Further tips for safe handling of email are provided at heisec Emailcheck.
I'm a huge Firefox supporter, ever since Netscape became a clunky, over-bloated piece of crap (all versions following 4.71) -- Firefox offers a LOT more than Internet Explorer, and is open source! Check it out yourself at http://www.mozilla.com/firefox/
Know which "browser extentions" you are running at all times. Under Firefox, click on TOOLS then EXTENTIONS to see this information (the average user should have NONE in there!) -- for Internet Explorer, it's a bit more difficult. They're called Add-Ons, and you can see them from: Tools -> Internet Options -> Programs -> Manage Add-Ons. Several of the Internet Explorer Add-Ons are REQUIRED for proper web browsing, so use your brain to determine which ones can safely be "disabled" or removed.
(Firefox Extentions image ganked from here -- Thanks!)
- Current Location:Braintree, MA
- Current Mood:
geeky
- Current Music:Genesis - Abacab