Closed Bug 443611 Opened 16 years ago Closed 14 years ago

counter.yadro.ru hacker proxy

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: shum.mail, Unassigned)

References

(
URL
)

Details

(Whiteboard: [CLOSEME 2010-11-01]) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0

I believe that it is some hole from firefox which yadro.ru exploited. After firefox being infected, firefox's and the internet's speeds slow down dramatically. The only way i was able to notice it was going to this website http://crackzplanet.com/get_267576_DownloadStudio.v4.00.040-ELYSiUM_crack.html which was unable to load and the status bar says that i am connecting to yadro.ru which obviously should not be the case. So any page i visit, yadro.ru acts as an proxy and probably saving a copy of my submitted forms and visited webs sites for malicious purposes.

Reproducible: Always

Steps to Reproduce:
1.Get infected (no idea how i got infected)
2.Go to the site i mentioned (http://crackzplanet.com/get_267576_DownloadStudio.v4.00.040-ELYSiUM_crack.html)
3.Look at the bottom left in the status bar saying that i am being connected to yadro.ru
Actual Results:  
-Internet slowdown
-Unable to connect to some pages

Expected Results:  
-Unable to connect to the specified page
-Redirecting to yadro.ru is shown
Are you sure that all traffic got redirected (don't rely on the statusbar, it's often incorrect) ?
I am sure because i just wiped my computer with a back up and the new fresh installation of firefox does not produce the same problem. Also, the internet in firefox got faster.
Well in addition to that, i did not experience slow down with IE when i had this problem. And i could visit the site i mentioned above with IE too. Too bad that i restored my computer with a backup, i should have made a screenshot and posted it.
I went to that particular URL, but I never noticed an anomaly. After the page was loaded, no more traffic was seen (checked with Wireshark and LifeHttpHeaders). Also, when surfing other websites, I never noticed the behavior that you describe. I'm not not sure that it ever existed (all you reported is the statusbar message).
Well the thing is that i did not get infected because of the site.
I have no idea how i got infected. But once you are infected, you do experience such behavior. Actually that was my third time getting infected. I guess i might in the future, and if i do, maybe i will record a video showing the effects. But i am sure that it has to do with yadro.ru
Ok.. i got infected again. I don't know how i got infected again. But i even confirmed it right now by using my other computer which has the same version of Firefox (3.0) installed. My other computer is connected in the same router which means if it is a router problem, both computers should not be able to load the page i specified before. But i just confirmed that my other computer which is not infected, load the specified page without problem. In other hand, i is not being loaded in this computed which is infected.
Here is a video recording how does it look when i am infected.
http://www.mediafire.com/?znjmddfc3gh
I think i found the partial solution for it. It might not have been any hacker proxy at all. I think it might have been some bugs causing cookies conflicts. Once i cleared all my private data, the page loaded normally again.
This is a mass search for bugs that are in the Firefox General component, are
UNCO, and have not been changed for 800 days and have an unspecified version. 

Reporter, can you please update to Firefox 3.6.10, create a fresh profile,
http://support.mozilla.com/en-US/kb/managing+profiles, and test again. If you
still see the bug, please update this bug. If the issue is gone, please set the
resolution to RESOLVED > WORKSFORME.
Whiteboard: [CLOSEME 2010-11-01]
No reply from reporter, INCOMPLETE. Please retest with Firefox 3.6.12 or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). If you continue to see this issue with the newest firefox and a new profile, then please comment on this bug.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.