A new Firefox vulnerability reported on Tuesday affects primarily users of the browser on older versions of Windows, security firm Trend Micro has determined.
Present in both Firefox 3.5 and 3.6, according to Mozilla, the zero-day flaw causes a "drive-by download" whereby a malicious file is downloaded and run without the user's knowledge. It was first discovered on the official site for the Nobel Peace Prize, which was compromised by a malicious PHP Script called JS_NINDYA.A, Trend Micro found.
The exploit accomplishes its mischief by downloading a "back door" onto user systems, detected by Trend Micro as BKDR_NINDYA.A. It then connects to a remote malicious server, which cybercriminals can use to send various commands to the affected system, including deleting all files and shutting it down.
More: http://www.pcworld.com/businesscenter/article/208952/
............................................................................................
Present in both Firefox 3.5 and 3.6, according to Mozilla, the zero-day flaw causes a "drive-by download" whereby a malicious file is downloaded and run without the user's knowledge. It was first discovered on the official site for the Nobel Peace Prize, which was compromised by a malicious PHP Script called JS_NINDYA.A, Trend Micro found.
The exploit accomplishes its mischief by downloading a "back door" onto user systems, detected by Trend Micro as BKDR_NINDYA.A. It then connects to a remote malicious server, which cybercriminals can use to send various commands to the affected system, including deleting all files and shutting it down.
More: http://www.pcworld.com/businesscenter/article/208952/
