Closed Bug 1458330 Opened 7 years ago Closed 7 years ago

Blocklist malicious add-ons injecting ads, not user-uninstallable

Categories

(Toolkit :: Blocklist Policy Requests, enhancement)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: rctgamer3, Unassigned)

Details

Came across two while doing tech support. Known names, there might be more: System Table 1.1 143734@modext.tech System Table 1.2 214028@modext.tech In addition to injecting a remote ad script into all pages, this add-on prohibits removal in about:addons because `.addon[name="System Table"] {display: none;}` was injected into userChrome.css preventing detection, likely by some third-party crapware installer beforehand.
All of these seem to be related. They're all obfuscated code and I haven't tested them myself. We'll need to at least verify there's some form of remote injection before we are confident to block all of them. +--------+----------------------------------------+---------------------+ | id | guid | Name | +--------+----------------------------------------+---------------------+ | 798065 | 756995@extcorp.com | Tables | | 798846 | 634415@extcorp.com | Tables | | 799062 | 349590@extcorp.com | Tables | | 799812 | 549312@extcorp.com | Tables | | 800185 | 378507@extcorp.com | Tables | | 800394 | 330970@extcorp.com | Tables | | 817789 | 414489@extcorp.com | Tables | | 822678 | 415694@extcorp.com | Tables | | 823150 | 644636@extcorp.com | Tables | | 834180 | {d7dee150-da14-45ba-afca-02c7a79ad805} | Chmod Calculator | | 834182 | {fb28cac0-c2aa-4e0c-a614-cf3641196237} | Discount Calculator | | 834519 | {1893d673-7953-4870-8069-baac49ce3335} | Reaction Game | | 841531 | 378507@extcorp.men | Tables | | 841532 | 300414@extcorp.me | Tables | | 842620 | 163674@extcorp.com | Tables | | 842956 | guid-reused-by-pk-842958 | Tables | | 842958 | 349590@extcorp.net | Tables | | 844637 | 646506@extcorp.com | Tables | | 852361 | 971379@extcorp.com | Tables | | 860690 | 622464@extcorp.net | Tables | | 861580 | 889824@exmod.net | Tables | | 861696 | 277978@exmod.net | Tables | | 861931 | 671734@exmod.net | Tables | | 882765 | 229247@exmod.net | Tables | | 908859 | {f44ddcb4-4cc0-4866-92fa-eefda60c6720} | vk.com | | 908863 | {0089b179-8f3d-44d9-bb18-582843b0757a} | vk.com | | 909189 | {78054cb2-e3e8-4070-a8ad-3fd69c8e4707} | vk.com | | 910276 | {41c14ab8-9958-44bf-b74e-af54c1f169a6} | Hockey_A | | 924200 | {0f612416-5c5a-4ec8-b482-eb546af9cac4} | S-N-A-2 | | 933463 | {b797035a-7f29-4ff5-bd19-77f1b5e464b1} | findTheBall_m_1 | | 933504 | {fab6484f-b8a7-4ba9-a041-0f948518b80c} | findTheBall_m_2 | | 933507 | {6b50ddac-f5e0-4d9e-945b-e4165bfea5d6} | findTheBall_m_4 | | 935925 | 704141@modext.tech | System Table | | 940534 | 383882@modext.tech | System Table | | 942738 | 470116@modext.tech | System Table | | 942800 | 943172@modext.tech | System Table | | 943363 | 622127@modext.tech | System Table | | 943832 | 214028@modext.tech | System Table | | 944357 | 143734@modext.tech | System Table | | 961128 | 147281@modext.tech | System Table | +--------+----------------------------------------+---------------------+
Based on the obfuscated code from 143734@modext.tech that rctgamer3 sent me I can confirm there is remote script injection.
Updated list: +--------+----------------------------------------+-------------------------+ | id | guid | Name | +--------+----------------------------------------+-------------------------+ | 682663 | support@work.org | Helper Sites | | 729353 | guid-reused-by-pk-729359 | Google Exels | | 729359 | browsermodulecorp@browcorporation.org | TestExtension | | 738865 | corpsearchengine@mail.ru | Corporation Engine | | 740082 | brmodcorp1@brmodcorp.com | exelstest1 | | 740083 | brmodcorp2@brmodcorp.com | exelstest2 | | 740084 | brmodcorp3@brmodcorp.com | exelstest3 | | 755262 | omegabrow@omegacorporation.org | Browser Exels | | 759060 | guid-reused-by-pk-764058 | Google Exels | | 764058 | corpengine@browmodule.com | Google Exels | | 770889 | brcorp@brcorporation.com | Browser Exels | | 770890 | RandomNameTest@RandomNameTest.com | RandomNameTest | | 792678 | brcorp2@brcorporation.com | Tables | | 793574 | brcorp3@brcorporation.com | Tables | | 794244 | brcorp4@brcorporation.com | Tables | | 794251 | brcorp5@brcorporation.com | Tables | | 795163 | brcorp6@brcorporation.com | Tables | | 795173 | brcorp7@brcorporation.com | Tables | | 795326 | estset243@teset.com | TestExp | | 795676 | estset245@teset.com | TestExp | | 795889 | estset248@teset.com | TestExp | | 795899 | brcorp8@brcorporation.com | Tables | | 796618 | estset214@teset.com | TestExp | | 796624 | estset2111@teset.com | TestExp | | 796627 | estset211441@teset.com | TestExp | | 796630 | estse323211441@teset.com | comauto | | 796633 | estse3232221441@teset.com | covstweu | | 796651 | estse333444@teset.com | outrebrand | | 796654 | estse3444555@teset.com | isterlod | | 796780 | ytwewq222@teset.com | opewrty | | 796793 | ywef23332@teset.com | zzswertyu | | 796795 | ewgwer234534@teset.com | jrtgfewwr | | 796805 | 3456622@teset.com | uytrytgfvbtrnr | | 797984 | sdfuerteyt@teset.com | vewgvergtae | | 798065 | 756995@extcorp.com | Tables | | 798846 | 634415@extcorp.com | Tables | | 799062 | 349590@extcorp.com | Tables | | 799812 | 549312@extcorp.com | Tables | | 800185 | 378507@extcorp.com | Tables | | 800394 | 330970@extcorp.com | Tables | | 800517 | 797289@extcorp.com | Tables | | 803217 | 455574@extcorp.com | Tables | | 803243 | 797289@extcorp.net | Tables | | 803542 | 330970@extcorp.net | Tables | | 803654 | 378507@extcorp.net | Tables | | 804397 | 792199@extcorp.com | Tables | | 804456 | 612812@extcorp.com | Tables | | 805110 | 669206@extcorp.com | Tables | | 805211 | 389957@extcorp.com | Tables | | 805213 | 425025@extcorp.com | Tables | | 805214 | 759705@extcorp.com | Tables | | 805215 | 909404@extcorp.com | Tables | | 805216 | 980841@extcorp.com | Tables | | 806894 | 622464@extcorp.com | Tables | | 812338 | 767689@extcorp.com | Tables | | 812341 | 896715@extcorp.com | Tables | | 817789 | 414489@extcorp.com | Tables | | 819959 | 449942@extcorp.com | Tables | | 822678 | 415694@extcorp.com | Tables | | 823150 | 644636@extcorp.com | Tables | | 824188 | 100818@extcorp.com | Tables | | 826780 | 100818@extcorp.net | Tables | | 826784 | 100818@extmod.net | Tables | | 826789 | 414489@corpext.net | Tables | | 829055 | 136711@extcorp.com | Tables | | 830149 | 714257@extcorp.com | Tables | | 830808 | 753186@extcorp.com | Tables | | 830809 | 986996@extcorp.com | Tables | | 830811 | 211746@extcorp.com | Tables | | 832642 | 300414@extcorp.com | Tables | | 834069 | 783422@extcorp.com | Tables | | 834180 | {d7dee150-da14-45ba-afca-02c7a79ad805} | Chmod Calculator | | 834182 | {fb28cac0-c2aa-4e0c-a614-cf3641196237} | Discount Calculator | | 834519 | {1893d673-7953-4870-8069-baac49ce3335} | Reaction Game | | 839003 | 547233@extcorp.com | Tables | | 841531 | 378507@extcorp.men | Tables | | 841532 | 300414@extcorp.me | Tables | | 842620 | 163674@extcorp.com | Tables | | 842958 | 349590@extcorp.net | Tables | | 844637 | 646506@extcorp.com | Tables | | 852361 | 971379@extcorp.com | Tables | | 860690 | 622464@extcorp.net | Tables | | 861580 | 889824@exmod.net | Tables | | 861696 | 277978@exmod.net | Tables | | 861931 | 671734@exmod.net | Tables | | 882765 | 229247@exmod.net | Tables | | 908859 | {f44ddcb4-4cc0-4866-92fa-eefda60c6720} | vk.com | | 908863 | {0089b179-8f3d-44d9-bb18-582843b0757a} | vk.com | | 909189 | {78054cb2-e3e8-4070-a8ad-3fd69c8e4707} | vk.com | | 910276 | {41c14ab8-9958-44bf-b74e-af54c1f169a6} | Hockey_A | | 924200 | {0f612416-5c5a-4ec8-b482-eb546af9cac4} | S-N-A-2 | | 933463 | {b797035a-7f29-4ff5-bd19-77f1b5e464b1} | findTheBall_m_1 | | 933504 | {fab6484f-b8a7-4ba9-a041-0f948518b80c} | findTheBall_m_2 | | 933507 | {6b50ddac-f5e0-4d9e-945b-e4165bfea5d6} | findTheBall_m_4 | | 935925 | 704141@modext.tech | System Table | | 940534 | 383882@modext.tech | System Table | | 942738 | 470116@modext.tech | System Table | | 942800 | 943172@modext.tech | System Table | | 943363 | 622127@modext.tech | System Table | | 943832 | 214028@modext.tech | System Table | | 944357 | 143734@modext.tech | System Table | | 961128 | 147281@modext.tech | System Table | | 971836 | 688188@modext.tech | System Table | +--------+----------------------------------------+-------------------------+
The blocks that cover this list are now staged. Please review and push.
Flags: needinfo?(philipp)
Done
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(philipp)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.