To those wary and concerned about online theft of identity, financial fraud by use of Internet, this is very interesting. FF or addons in particular to any browser could be keylogging your activities including accounts’ credentials. With more codes to XUL, mouse movements, screenshots and etc could be further transmitted away. Will try to do a PoC someday and post my own demo on this.
This would be difficult to detect by AV/anti-malware client side application. Firewall logs might show unusual HTTP transactions going to unauthorized target (but with again with a little more codes of the XUL file and a ‘cloud’ distributed botnet, this could be easily overcomed).
On a positive note, this demo/technique could be used for ‘educational’ purpose to record/audit behaviours particularly when participants approved consensus e.g. in a well defined policy.
Securitytube.net’s Video Demo – click here.
Checkout my post/question on OWASP-Malaysia with useful advice from the response.