Jump to content

Mozilla moves to stop spyware company from spoofing Firefox


nsane.forums

Recommended Posts

nsane.forums

Mozilla sent a cease-and-desist letter on Tuesday to a European company that created a piece of spyware masquerading itself as the Firefox browser.

The move comes after computer security researchers said on Tuesday that they discovered that a well-known spyware program called FinSpy was spoofing Firefox. Mozilla was alerted by the researchers, who are with Citizen Lab, a research project that is part of the University of Toronto's Munk School of Global Affairs.

FinSpy is one component in a set of remote interception and intrusion tools called FinFisher, which is made by a subsidiary of U.K-based Gamma Group called Gamma International.

Citizen Lab has done extensive research into FinSpy and found it is being used in a number of countries with poor human rights records and has been used to target activists. It is considered by some to be malicious software.

On Tuesday, Citizen Lab released a summary of its latest findings. FinSpy makes use of Mozilla's trademark and code, wrote researchers Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri and John Scott-Railton.

"The latest Malay-language sample masquerades as Mozilla Firefox in both file properties and in manifest," they wrote. "This behavior is similar to samples discussed in some of our previous reports, including a demo copy of the product, and samples targeting Bahraini activists."

Hackers often dress up malicious files to make them appear to be benign, piggybacking on the inherent trust users put into known programs. Appearing to be Firefox makes it more likely potential victims will be duped into installing FinSpy.

Citizen Lab plans to release its latest report, "For Their Eyes Only: The Commercialization of Digital Spying," early Wednesday morning EST, which includes new findings on the proliferation of FinFisher.

The group said it found FinFisher command-and-control servers in 11 new countries: Hungary, Turkey, Romania, Panama, Lithuania, Macedonia, South Africa, Pakistan, Nigeria, Bulgaria and Austria. The report also summarizes one year of research Citizen Lab has done into the commercial market for offensive intrusion tools developed by Western companies.

view.gifView: Original Article

Link to comment
Share on other sites

  • Replies 2
  • Views 1.4k
  • Created
  • Last Reply
  • Administrator

Spyware used by governments poses as Firefox, and Mozilla is angry

Mozilla sends cease and desist letter to maker of FinFisher software.

WCyYSp8.jpg
That's not the real Firefox, either.

Mozilla has sent a cease-and-desist letter to a company that sells spyware allegedly disguised as the Firefox browser to governments. The action follows a report by Citizen Lab, which identifies 36 countries (including the US) hosting command and control servers for FinFisher, a type of surveillance software. Also known as FinSpy, the software is sold by UK-based Gamma International to governments, which use it in criminal investigations and allegedly for spying on dissidents.

Mozilla revealed yesterday in its blog that it has sent the cease and desist letter to Gamma "demanding that these illegal practices stop immediately." Gamma's software is "designed to trick people into thinking it's Mozilla Firefox," Mozilla noted. (Mozilla declined to provide a copy of the cease and desist letter to Ars.)

The spyware doesn't infect Firefox itself, so a victim's browser isn't at risk. But the spyware "uses our brand and trademarks to lie and mislead as one of its methods for avoiding detection and deletion" and is "used by Gamma’s customers to violate citizens’ human rights and online privacy," Mozilla said. Mozilla continues:


Through the work of the Citizen Lab research team, we believe Gamma’s spyware tries to give users the false impression that, as a program installed on their computer or mobile device, it’s related to Mozilla and Firefox, and is thus trustworthy both technically and in its content. This is accomplished in two ways:

1. When a user examines the installed spyware on his/her machine by viewing its properties, Gamma misrepresents its program as “Firefox.exe” and includes the properties associated with Firefox along with a version number and copyright and trademark claims attributed to “Firefox and Mozilla Developers.”

2. For an expert user who examines the underlying code of the installed spyware, Gamma includes verbatim the assembly manifest from Firefox software.

The Citizen Lab research team has provided us with samples from the following three instances that demonstrate how this misuse of our brand, trademarks and public trust is a designed feature of Gamma’s spyware products and not unique to a single customer’s deployment:

  • A spyware attack in Bahrain aimed at pro-democracy activists;
  • The recent discovery of Gamma’s spyware apparently in use amidst Malaysia’s upcoming General Elections; and
  • A promotional demo produced by Gamma.

Each sample demonstrates the exact same pattern of falsely designating the installed spyware as originating from Mozilla. Gamma’s own brochures and promotional videos tout one of the essential features of its surveillance software is that it can be covertly deployed on the person’s system and remain undetected.


The Citizen Lab report provides pictorial evidence of the impersonation:

e2E2OMx.png

FinFisher doesn't just masquerade as Firefox. The Citizen Lab report says it has also been used to target Malay language speakers by "masquerading as a document discussing Malaysia’s upcoming 2013 General Elections."

The countries where Citizen Lab identified FinFisher command-and-control servers are Australia, Austria, Bahrain, Bangladesh, Brunei, Bulgaria, Canada, Czech Republic, Estonia, Ethiopia, Germany, Hungary, India, Indonesia, Japan, Latvia, Lithuania, Macedonia, Malaysia, Mexico, Mongolia, Netherlands, Nigeria, Pakistan, Panama, Qatar, Romania, Serbia, Singapore, South Africa, Turkey, Turkmenistan, United Arab Emirates, United Kingdom, United States, and Vietnam.

We've asked Gamma if the company has a response to Mozilla's cease and desist letter but haven't heard back yet.

view.gifView: Original Article

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...