Closed Bug 647219 Opened 14 years ago Closed 12 years ago

XP Anti-Virus 2011 infection after visit to http://ebookee.org/Elektor-Electronics-April-2011-UK-_1111405.html

Categories

(Firefox :: General, defect)

x86
macOS
defect
Not set
normal

RESOLVED INVALID

People

(Reporter: chofmann, Unassigned)

References

(Blocks 1 open bug)

Details

reported on
> dev-security mailing list
> dev-security@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security

On 3/31/11 9:18 PM, jackalek wrote:
> I've been infected by malware today
> http://www.virustotal.com/file-scan/report.html?id=6272bc38294005a43db2440ed0eede7ac27c8ed67c368accf9b87a5ab52a0b3e-1301630398
> called XP Anti-Virus 2011
> Avira skipped it - at the time just a few antiviruses detect it.
> How I got it
> ff4 on windows xp sp3 running with admin rights (I know, stupid)
>
> ran this google search
> http://www.google.co.uk/#sclient=psy&hl=en&q=elektor+download&aq=f&aqi=&aql=&oq=&pbx=1&fp=5f249b55c4d46e3
> and went to this address
> http://ebookee.org/Elektor-Electronics-April-2011-UK-_1111405.html
> at this stage nothing happens unless you click anywhere on the page
> then a new window pops out
> http://ebookee.org/popular/ebookee.com.html
> after a few seconds I got alert from windows security manager telling
> me my firewall is disabled, firefox has been closed and I got annoying
> shield with fake virus scan.
> I went to safe mode and spent good half hour before manually getting
> rid of this ****, it took ever exe extension in order to run itself
> even in safe mode.
>
> I've tried to run firefox again in sandbox but it seems not to trigger
> this infection again.
>
> There was no interaction from my side, just new window popped and that's
> it.
> Can anyone recreate these steps in order to find a way how this
> bypassed firefox ?
>
> How can I help with investigation ?
> I've got sample of the trojan but don't think this would explain
> possible security breach in firefox.
>
> Regards
> Sam
>

Sam, can you also indicate what versions of plugins you are running. You can find this by typing about:plugins
> firefox has been closed

Can you also check for any recent crash reports? Type about:crashes in the location bar to see a history of crashes. If you can, paste the crash report ids into this bug.
As requested, list of plugins
http://pastehtml.com/view/1dw9b68.rtxt

about:crashes shows one crash from 2009 which is pretty old one so not relevant

Regards,
Sam
Is this report still usable after 2 years?
Flags: needinfo?(chofmann)
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → INVALID
Flags: needinfo?(chofmann)