Comment on Citadel’s Man-in-the-Firefox: An Implementation Walk-Through by Dennis Schwarz

September 17, 2013 Dennis Schwarz


In Firefox 23 (released Aug 6, 2013), the PR_* functions from nspr4.dll have moved into nss3.dll. This effectively mitigates the Firefox MITB implementation for the Citadel malware, but the generic MITB implementation idea lives on.

Initial heads up:

Verified via lack of nspr4.dll and nss3.dll’s exported functions.

