The trojan, called FormSpy by McAfee, is downloaded to PCs already infected with the Downloader-AXM trojan, according to McAfee.
Downloader-AXM contacts servers to download malicious software without user knowledge, according to McAfee.
Once downloaded, the trojan sends information submitted to the browser to a malicious website. The malware is also capable of sniffing passwords from ICQ, FTP, IMAP and POP3 traffic, according to an advisory from McAfee.
The trojan was modified from the NumberedLinks 0.9 component available on the internet, according to McAfee.
Allysa Meyers, virus research engineer at McAfee, said today that the downloader trojan is not very widespread, despite spamming out yesterday.
That type of distribution makes the trojan unique, said Myers.
"The thing about this one is that it's the first mass-spamming of a trojan that specifically targets Firefox," she said. "This shows the growing importance of Firefox. (Malicious users) figured enough users have (Firefox) that it would now that it would be worth something to make this."