FormSpy (aka FireSpy) is a new spyware program designed to integrate into the Mozilla browser environment. It is being spread by spam email spoofed to appear as a billing issue from Walmart. It was launched on July 24th. The attachment contains a downloader malware agent that can install FormSpy as a Firefox plugin. This new threat can be avoided easily by users avoiding spam email and attachments.
FormSpy - Spyware program hooks into Mozilla Firefox
http://www.avertlabs.com/research/blog/?p=62
http://vil.nai.com/vil/content/v_140256.htm
QUOTE: Upon execution, it registers Mozilla event listeners to the malware and sends information submitted by the victim in the web browser to a malicious website. These information can include, but is not limited to, credit card numbers, passwords, e-banking pin numbers etc. The main executable is also capable of sniffing passwords from ICQ, FTP, IMAP and POP3 traffic.
FireSpy - Sophos Writeup
http://www.sophos.com/security/analyses/trojfirespya.html
QUOTE: Troj/FireSpy-A will then attempt to register the dropped component as a Firefox plugin and begin monitoring the user's browsing habits, stealing information including monitoring and logging information from Web forms
----- EMAIL TO AVOID -----
Downloader-AXM - Massively spammed on 07/24/2006
http://vil.nai.com/vil/content/v_140257.htm
From: billing support [mailto:info@walmart.com]
Subject: Your order information WC2905036
Message: Dear Sir/Madam, Thank you for shopping with our internet shop. Your order, WC2905036,has been received. Summary of your order you can see in the attachment
file.
Attachment: wc2905036.exe