Browser exploit found to search for sensitive files.
On August 5th, it was discovered that a news site in Russia contained an advertisement which was utilizing an exploit in Firefox to search for and upload sensitive files from the user’s computer and uploading them to a server appearing to be in Ukraine. Security updates that patch this vulnerability were released by Mozilla and all users of the Firefox browser were encouraged to update to version 39.0.3.
This exploit leaves absolutely no trace on the machine. Anyone using Firefox on Windows or Mac/Linux are urged to change passwords and keys found on the typically developer focused files such as subversion, s3browser, and Filezilla configuration files from FTP clients on Windows. Linux/Mac variants would search for global configuration files such as .bash_history, .mysql_history, .pgsql_history, .ssh configuration files and any files with “pass” and “access” in the names as well as shell scripts.
If ad-blocking software is installed, it is possible that users were protected depending on how and which filters were being utilized.