Firefox contains spyware (probably)

[Mysturji]

http://www.bbc.co.uk/news/technology-22372027
Bastards

[klr]

Finfisher is a legitimate surveillance software thought to be used by governments to covertly obtain data.

It is installed unknowingly by its target computer user, often by disguising itself as an update to a well known programme such as Firefox.

So how would one actually fall for this in practice?

[Mysturji]

Finfisher is a legitimate surveillance software thought to be used by governments to covertly obtain data.

It is installed unknowingly by its target computer user, often by disguising itself as an update to a well known programme such as Firefox.

So how would one actually fall for this in practice?

It's right there in the bit you quoted.
Never mind WTF is "legitimate surveillance software". All you need to do is click "yes" when Firefox says it wants to install an update. I mean, who wouldn't? Everyone trusts trusted firefox, didn't they?

[klr]

Finfisher is a legitimate surveillance software thought to be used by governments to covertly obtain data.

It is installed unknowingly by its target computer user, often by disguising itself as an update to a well known programme such as Firefox.

So how would one actually fall for this in practice?

It's right there in the bit you quoted.
Never mind WTF is "legitimate surveillance software". All you need to do is click "yes" when Firefox says it wants to install an update. I mean, who wouldn't? Everyone trusts trusted firefox, didn't they?

Yes, but how is Firefox being tricked into presenting you with this false update in the first place?

Anyway, time to (maybe) change all of my passwords ... or to check first if my AV programs have let this blighter through.

[Gawdzilla Sama]

http://en.wikipedia.org/wiki/FinFisher

[klr]

Some more information from El Reg:

http://www.theregister.co.uk/2013/05/01 ... nd_desist/

[Mysturji]

Finfisher is a legitimate surveillance software thought to be used by governments to covertly obtain data.

It is installed unknowingly by its target computer user, often by disguising itself as an update to a well known programme such as Firefox.

So how would one actually fall for this in practice?

It's right there in the bit you quoted.
Never mind WTF is "legitimate surveillance software". All you need to do is click "yes" when Firefox says it wants to install an update. I mean, who wouldn't? Everyone trusts trusted firefox, didn't they?

Yes, but how is Firefox being tricked into presenting you with this false update in the first place?

Anyway, time to (maybe) change all of my passwords ... or to check first if my AV programs have let this blighter through.

If I understand correctly, they didn't trick Firefox, they're tricking Firefox users by pretending to be a Firefox update.

[klr]

If I understand correctly, they didn't trick Firefox, they're tricking Firefox users by pretending to be a Firefox update.

Yup, that's it.

From 'Zilla's wiki link:

Bill Marczak said of FinSpy mobile "As we saw with respect to the desktop version of Finfisher, antivirus alone isn't enough, as it bypassed antivirus scans."[20] Sara Yin predicts that antivirus vendors are likely to have updated their signatures to detect FinSpy mobile.[20] ESET have announced detection of the desktop FinFisher as Win32/Belesak.D Trojan,[21][22] and antivirus vendors have claimed they detect malware they know about regardless of origin or purpose.

That's not exactly clear as to whether AV programs are blocking it or not.

[Gawdzilla Sama]

If I understand correctly, they didn't trick Firefox, they're tricking Firefox users by pretending to be a Firefox update.

Yeah, the "okay-click" people.

[pErvinalia]

But how is it presenting itself? What is causing it to create a popup to get you to install it? You'd have to click on something malicious first, wouldn't you?

[Gawdzilla Sama]

But how is it presenting itself? What is causing it to create a popup to get you to install it? You'd have to click on something malicious first, wouldn't you?

Yeah, but if it was convincing most people would just click ok and go on.

[pErvinalia]

But where is the pop up coming from? It can't come out of nowhere. You'd have to visit a certain website or click on some other element first to get the popup to even occur.

[Gawdzilla Sama]

But where is the pop up coming from? It can't come out of nowhere. You'd have to visit a certain website or click on some other element first to get the popup to even occur.

It doesn't have to be a shady website. Someone could spoof Google and get a free ride into almost anyone's computer.

[Mysturji]

If I understand correctly, they didn't trick Firefox, they're tricking Firefox users by pretending to be a Firefox update.

Yeah, the "okay-click" people.

... and people who look and see it's an update for Firefox or iTunes before clicking.

...it could be covertly installed on suspects' computers through exploiting security lapses in the update procedures of non-suspect software...

A security flaw in Apple's iTunes allowed unauthorized third parties to use iTunes online update procedures to install unauthorized programs.[6][7] Gamma International offered presentations to government security officials at security software trade shows where they described to security officials how to covertly install the FinFisher spy software on suspect's computers using iTunes' update procedures.
The security flaw in iTunes that FinFisher is reported to have exploited was first described in 2008 by security software commentator Brian Krebs.[6][7][14] Apple did not patch the security flaw for more than three years, until November 2011. Apple officials have not offered an explanation as to why the flaw took so long to patch.

[Mysturji]

But where is the pop up coming from? It can't come out of nowhere. You'd have to visit a certain website or click on some other element first to get the popup to even occur.

How does Mozilla know you have Firefox installed, and that it's due for an update?
How does Apple know that you have iTunes installed, and it's due for an update?
These things are do-able, it you have the will and the technical expertise. Of course, an Apple or Mozilla insider in you pocket helps, too.