Closed
Bug 1209973
Opened 9 years ago
Closed 8 years ago
dns locker adware resides only on firefox but not detected, possibly by maintenance service
Categories
(Firefox :: Untriaged, defect)
RESOLVED
INCOMPLETE
People
(Reporter: sakhtosaz.link, Unassigned)
Details
(Keywords: hang, helpwanted, highrisk)
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; rv:11.0) like Gecko

Steps to reproduce:

During the last 2 days, orange Firefox and Firefox for developers were infected by DNS Locker adware. Other browsers, including Edge, IE11 and Chrome, are completely intact and clean. PC uses ESET NOD, fully protected. There was no risky web surfing, no infected emails, no new applications installed.

Checking the system according to guides... there were no suspicious applications in Programs and Features, no unknown add-ons and extensions on browser(s). Also, all suggested registry keys are clean and valid.

The most recent installs in Programs and Features are Mozilla Maintenance Service, only two days before malware started to show up. Also, the "Block reported attack sites" section of Options only contains two default Firefox-related domains as exceptions, add-ons and marketplace.

The above increases the possibility that this malware has been installed by Firefox updates and is limited to it, maybe as a hidden add-on.

Actual results:

After reviewing many guides and how-tos and performing many checks, I uninstalled Firefox, deleted all related folders and cleaned the registry, then installed a fresh copy. In the second run DNS Locker showed up! The only thing I could do was blocking related ad links via NOD:

*.adnxs.com *.amazonaws.com *.atemda.com *.bestpriceninja.com *.bidswitch.net *.clkmon.com *.cloudflare.com *.contextweb.com *.criteo.com *.dnsqa.me *.eshopcomp.com *.gmdelivery.com *.icontentkey.com *.k1wmm.com *.ltmmty.com *.metrigo.com *.quantserve.com *.smartadserver.com *.teracreative.com *.visadd.com *.yabidos.com

This prevents ads from activating, but Firefox CPU usage is too high.

Expected results:

If there is an add-on, it must be visible in Add-ons Manager, at least in safe mode. So what is this?
Reporter
Updated•9 years ago
Severity: normal → critical
OS: Unspecified → Windows 10
Hardware: Unspecified → x86_64
Comment 1•8 years ago
Hi, thank you for reporting this. First of all, I want to tell you that releases from Mozilla go through virus scanning before being put on public sites, and all updates are sent to users over secure connections to prevent any malware from intercepting them and doing bad things. What I can suggest regarding a malware removal tool is to use something like Malwarebytes and to ensure that your Flash plugin is up to date.
Flags: needinfo?(sakhtosaz.link)
Comment 2•8 years ago
Marking this as Resolved: Incomplete due to the lack of response from the reporter. If anyone can still reproduce it on latest versions, feel free to reopen the issue and provide more information.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
Updated•8 years ago
Flags: needinfo?(sakhtosaz.link)
Given the addresses mentioned, it's almost certainly related to the "malvertising" campaign that was discovered late last year (2015). It's not a Firefox-specific issue and it's certainly not bug-related. More information: https://blog.malwarebytes.org/malvertising-2/2015/09/large-malvertising-campaign-goes-almost-undetected/