HKTL_FYRSNIFF

Trend Micro has flagged this hacking tool as noteworthy due to the increased potential for damage, information theft, or both, that it possesses. Specifically, it is a form of a proof-of-concept hack with sidejacking capabilities, which can potentially be used for malicious purposes.

To get a one-glance comprehensive view of the behavior of this Hacking Tool, refer to the Threat Diagram shown below.

This hacking tool is a Firefox add-on that is installed manually by the user.

Arrival Details

This hacking tool may be downloaded from the following remote sites:

• http://{BLOCKED}tler.github.com/firesheep/

Other Details

Based on analysis of the codes, it has the following capabilities:

• Launches the Carnivore sniffer to retrieve user IDs and session IDs from cookie information of network packets. It specifically monitors transactions on the following websites:
  • amazon.com
  • basecamphq.com
  • bit.ly
  • cisco.com
  • cnet.com
  • dropbox.com
  • enom.com
  • evernote.com
  • facebook.com
  • flickr.com
  • foursquare.com
  • github.com
  • google.com
  • gowalla.com
  • harvestapp.com
  • live.com
  • manage.slicehost.com
  • news.ycombinator.com
  • nytimes.com
  • pivotaltracker.com
  • sandiego.toorcon.org
  • tumblr.com
  • twitter.com
  • wordpress.org
  • yahoo.com
  • yelp.com
It also displays the stolen information on a sidebar in the Firefox browser.