Yesterday (Oct 26, 2010), MMPC researchers learned that the Nobel Peace Prize website "nobelprize.org" was hacked and users browsing the site using Firefox versions 3.5 and 3.6 may have received malware. The malware is delivered by way of a malicious JavaScript that exploits a vulnerability in Firefox.

Mozilla is aware of the vulnerability and notes that an update of the browser is pending.

Microsoft provides protection against the malicious JavaScript as "Exploit:JS/Belmoo" and the payload as "Backdoor:Win32/Belmoo.A" with antimalware signature version 1.93.562.0 and higher.

Below are SHA1 hashes for the related malware:

  • Exploit:JS/Belmoo - 4e10bc0c96c1f1dec856dd890f5e64f654229f1d
  • Backdoor:Win32/Belmoo.A - 244860d5c40d8d13c16fa8bba133c7608a09a276

-MMPC