Brian Krebs last week reported how a botnet was enlisting Firefox users to hack websites. Commenting on this, Sean Power, security operations manager for DOSarrest said:
“The Firefox plug-in that was seen targeting sites viewed by the user is essentially hiding a vulnerability scanner that scours web pages and attempts to carry out attacks like SQL injections that can provide them with database access or elevated privileges and then reports the findings back to the developer. It is by no means a new attack method, and I’m a little surprised it doesn’t happen more often. This is something people will have to be on the lookout for and be more vigilant about, especially as it can be easily hidden within mobile apps. One should only ever install software from a trusted source. This is not a flaw in Firefox, the reason for targeting Firefox users I expect is because the developers likely had previously experience developing software for Firefox. Users should be just as vigilent when installing software on any platform.”
About DOSarrest Internet Security: DOSarrest founded in 2007 in Vancouver, BC, Canada is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services. Their global client base includes mission critical ecommerce websites in a wide range of business segments including financial, health, media, education and government. Their innovative systems, software and exceptional service have been leading edge for over 6 years now.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.