Twofer Malware: Rogue Internet Explorer Plugin Infects Firefox

A new piece of malware has emerged to help even out the debate between fans of Firefox and aficionados of Internet Explorer: a rogue IE plugin that also infects Firefox.

The malicious browser helper object (signed by Bitdefender as Trojan.Tracur.C) is downloaded and installed by users who believe they are upgrading Flash Player for Internet Explorer. Once on the system, the rogue BHO will drop – oh, the irony – a rogue Firefox add-on (identified by Bitdefender as Trojan.JS.Redirector.KY) that will monitor users’ on-line habits. At this point, switching browsers won’t help. Both Internet Explorer and Firefox browsers are infected.

The fake Firefox add-on (identified as Trojan.JS.Redirector.KY) “screens” any new web pages loaded into the browser and what kind of information (images, videos, maps, advanced searches) is fetched for the user. If the user types the URL of a search engine, such as Google, Yahoo, Aol, Bing or Ask, it would inject a piece of JavaScript code in the head element of the results page. The JavaScript snippet will hijack the users’ search toward malicious or fake web pages. From these sites, victims can end up downloading additional malware or adware.

By now, it should be a golden rule to stay away from software offered by non-official sites. Double-check, or triple-check, the location’s credibility before downloading a program, application or add-on. If you want to extend or upgrade your browser of choice, use the official distribution channels.

This article is based on the technical information provided courtesy of Doina Cosovan, BitDefender Virus Analyst.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.