Ukrainians and / or the Russians forced to release an urgent update Firefox browser. August 5 in Mozilla received informationthat one of the Russian news sites placed banner ads, through which extends an exploit for Firefox. The malware is looking for particular files on a user’s computer and sends them to a Ukrainian server.
In this regard, Mozilla released an urgent security updates that address this vulnerability. So In Firefox, Mozilla Found and Fixed a Serious Vulnerability to avoid damage to the users. All users of the stable channel Firefox need to urgently upgrade to Firefox 39.0.3. This update was released for the version with long-term support Firefox ESR 38.1.1.
Surprisingly the list of files that were of interest to attackers. Under Windows searches for configuration files subversion, s3browser and Filezilla, account information and .purple Psi +, as well as the configuration files of eight popular FTP-clients.Under Linux and Mac OS are copied to the global configuration files
/ etc / passwd, scans all user directories to which you have access. The malware searches for files .bash_history, .mysql_history,
.pgsql_history, configuration files and keys
.ssh, configuration files for remina, Filezilla and Psi +, text files with the words "pass" and "access" in the title, as well as any shell-scripts.
The exploit does not leave any traces on a victim’s computer.
Apparently, an exploit aimed against developers. It can be assumed that it spread through the news site computer topics. In any case, browsers defined ad blocker likely protected from infection.