Hackers Exploit Firefox Flaw On Nobel Site

Firefox users should beware of the Nobel Peace Prize website, nobelpeaceprize.org, after a Norwegian security firm warned that it had been compromised.

According to Norman ASA, the Nobel Peace Prize website was infected early Tuesday, with a Trojan being delivered through a vulnerability in Firefox versions 3.5 and 3.6. It said that this unpatched vulnerability was originally discovered by Telenor SOC (Norwegian language).

Unpatched Vulnerability

“The Norman Malware Detection Team in Oslo found that the attack was enabled by a zero-day vulnerability in the popular Firefox web browser and recommend all Internet users be cautious when surfing the net,” said the company.

“If a user visited the Nobel Prize site while the attack was active early Tuesday using Firefox 3.5 or 3.6, the malware might be installed on the user’s computer without warning,” it said.

According to Norman, the malware then attempts to connect to two Internet addresses, both of which point to a server in Taiwan. If the connection was successful, the attacker would have access to the infected computer. “This Trojan could be active on other websites,” said the company.

Mozilla moved quickly to reassure users that it was on the case.

“Mozilla is aware of a critical vulnerability affecting Firefox 3.5 and Firefox 3.6 users,” it said. “We have received reports from several security research firms that exploit code leveraging this vulnerability has been detected in the wild.”

Mozilla said that Firefox users who visited the infected site could have been affected by the malware through the vulnerability.

Trojan May Have Moved

“The Trojan was initially reported as live on the Nobel Peace Prize site, and that specific site is now being blocked by Firefox’s built-in malware protection,” it said. “However, the exploit code could still be live on other websites.”

Mozilla said that it has diagnosed the issue and is currently developing a fix.

The fix will be pushed out to Firefox users as soon as it has been properly tested, Mozilla said.

In the meantime, it advised Firefox users to protect themselves by either disabling JavaScript in Firefox, or using the NoScript add-on.

Zero Day Attacks

Zero-day attacks are a computer threat that tries to exploit vulnerabilities in computer applications quickly, while they are still unknown or undisclosed to the software developer.

It is well known that exploits are becoming more complex, but of late zero-day attacks have most often been associated with Adobe software. The news that browsers are also vulnerable should not come as any surprise.

Last month, for example, a Google security engineer found a flaw in Internet Explorer 8 (IE8) that could be exploited to attack users. And earlier this year Mozilla quickly fixed a critical bug in its Firefox browser after the German government advised the public to stop using the browser.

Security researchers are divided on the idea of switching browsers every time a vulnerability appears, as the cycle of vulnerabilities may affect all software in time. Last year, for example, Germany and France also advised users to ditch Microsoft Internet Explorer until the vulnerability tied to the Aurora attack on Google was patched. That vulnerability was fixed in January 2010.

Tom Jowitt
