FormSpy - Spyware program hooks into Mozilla Firefox

  FormSpy (aka FireSpy) is a new spyware program designed to integrate into the Mozilla browser environment.  It is being spread by spam email spoofed to appear as a billing issue from Walmart.  It was launched on July 24th. The attachment contains a downloader malware agent that can install FormSpy as a Firefox plugin.  This new threat can be avoided easily by users avoiding spam email and attachments.

FormSpy - Spyware program hooks into Mozilla Firefox
http://www.avertlabs.com/research/blog/?p=62
http://vil.nai.com/vil/content/v_140256.htm

QUOTE: Upon execution, it registers Mozilla event listeners to the malware and sends information submitted by the victim in the web browser to a malicious website. These information can include, but is not limited to, credit card numbers, passwords, e-banking pin numbers etc. The main executable is also capable of sniffing passwords from ICQ, FTP, IMAP and POP3 traffic.

FireSpy - Sophos Writeup
http://www.sophos.com/security/analyses/trojfirespya.html

QUOTE: Troj/FireSpy-A will then attempt to register the dropped component as a Firefox plugin and begin monitoring the user's browsing habits, stealing information including monitoring and logging information from Web forms

----- EMAIL TO AVOID -----

Downloader-AXM - Massively spammed on 07/24/2006
http://vil.nai.com/vil/content/v_140257.htm

From: billing support [mailto:info@walmart.com]

Subject: Your order information WC2905036

Message: Dear Sir/Madam, Thank you for shopping with our internet shop. Your order, WC2905036,has been received. Summary of your order you can see in the attachment
file.
 
Attachment: wc2905036.exe