Malicious toolbars and extensions try to hijack browsers
Straight from Ars Technica: “Spyware and malware authors have been busy creating malicious browser extensions and disguising them as legitimate. According to security software firm McAfee, the trojan known as FormSpy has been spammed as an e-mail attachment that pretends to be from a legitimate source. When the attachment is opened, it installs a Mozilla Firefox extension known as “NumberedLinks 0.9.” Unlike the real NumberedLinks 0.9, which is an open-source Firefox extension that allows web navigation by unique numbers attached to web page links, this doppleganger instead silently downloads a suite of keylogger applications that spend their time looking for credit card numbers, PIN numbers, passwords, and other user data from web, ICQ, FTP, IMAP, and POP3 traffic. This information is then sent back to the spammer’s web site.”
