Attackers exploit zero day vulnerability in Firefox
The trojan attack on visitors to the Nobel Peace Prize web site, reported on Tuesday, exploited a previously unknown vulnerability in Firefox. No detailed information on the vulnerability is available at present, with access to the Bugzilla entry restricted to registered developers only.
It is fairly rare for attackers to exploit unknown vulnerabilities in Firefox. A zero day exploit for Firefox did crop up in the middle of last year, but at the time it was not being actively exploited for attacks.
The Nobel Peace Prize web site has now been disinfected, but the Mozilla Foundation expects there to be other web sites out there which are using the exploit to distribute malware. It is not known how many users may have fallen victim to the attack.
According to analysis by Trend Micro, the exploit only attempts to infect older versions of Windows running Firefox 3.6.x. The exploit remains inactive when faced with Windows 7 and Vista (which it detects via the browser header) – probably because there are too many security obstacles to overcome under these operating systems. The exploit installs a back door (BKDR_NINDYA.A) which makes contact with a number of servers.