Closed Bug 1732135 Opened 3 years ago Closed 3 years ago

FireFox froze with a False Microsoft appear Ransomeware

Categories

(Firefox :: Untriaged, defect)

Firefox 92
defect

Tracking

()

RESOLVED INCOMPLETE

People

(Reporter: SearsSteve, Unassigned)

References

(Blocks 1 open bug)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0

Steps to reproduce:

I was using Firefox to access my AOL & Gmail emails when the screen froze with a web screen that claimed it was Microsoft and I needed to call a specific number. Also that if I didn't my computer would freeze up.

Actual results:

After reading the false Microsoft screen that required me to call their phone number, I pushed the power button on my computer and restarted my computer. When my Windows 10 operating system recovered and I reactivated Firefox the same scenario happened again. This malware had taken over Firefox.
I then restored the Firefox software, restarted Firefox and that ransomware screen was gone!

Expected results:

I then ran my FixMeStick USB Linux house cleaning package only to find that there were NO malware or viruses on my computer. This look-alike Microsoft ransomware has to have been embedded in the Firefox software and reloading the software takes care of the problem.

I have had problems with the Opera browser, but nothing like this with Firefox. As a security nerd, I would love to know who corrupted my loading of Firefox?

Do you have "open previous windows and tabs" selected in your Firefox settings? That would be the simplest explanation for why the bad website was getting loaded after you restarted.

Blocks: eviltraps
Flags: needinfo?(SearsSteve)

I have the same suspicion as Andrew: this type of scam goes around from time to time when the scammers discover a new way to make Firefox "hang" or freeze up, preferably (for the scammer) in full-screen mode so it blocks switching to other programs. These are launched from malicious ads and are just normal web pages. They can't actually harm your computer unless you fall for it and call the number. At that point it might be a phone number that charges you for connection, or a sales-pitch for a security product or subscription (that may or may not do anything), or "Microsoft" helpfully offers to fix your computer if you give them remote access (so they can install the real malware).

In this case, since Firefox was stopped abruptly when you hit the power button (which is a good instinct on your part, given the circumstances), Firefox helpfully reopens all your tabs after the crash so you don't lose your work. In this case, unfortunately, that includes the scam page. If you had killed Firefox one or two more times it would give up trying to restore your tabs and instead present a page telling you one of them seems to be causing a problem and letting you either start fresh, or delete items from a list of open tabs and then try again.

We would love to fix this new trick or bug they found to hang Firefox, but we'd need to catch them doing it so we can see what they used. What did you mean when you say you "restored" the Firefox software? If you simply re-installed the software the evidence may still be on your computer. If you also deleted your local data files then it's gone. Do you still have all your bookmarks and history? If so, open "Show All History" from the History menu, (or "Manage History" on the other History sub-menu), sort by Last Visited, and see if you can find the scam site around the time this happened. Select it (but DON'T DOUBLE-CLICK IT!) and copy the URL from the fields at the bottom or from the right-click context menu.

It's unfortunately possible that Firefox was not able to save that URL because of the abrupt system shut-down, but that would be our best hope for being able to find and fix whatever latest trick they've found.
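The history lookup described in the comment above can also be done without opening the browser, by querying a copy of the profile's `places.sqlite`. This is an added example, not code from this bug or from Mozilla; it assumes the `moz_places` and `moz_historyvisits` tables with `visit_date` in microseconds since the Unix epoch, and the sample rows, URLs, file name and incident time are constructed.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def to_prtime(dt):
    """Firefox stores visit_date as microseconds since the Unix epoch (UTC)."""
    return (dt - EPOCH) // timedelta(microseconds=1)

def visits_near(db, when, minutes=15):
    """Return (utc_time, url, title), newest first, for visits within +/- minutes of `when`."""
    lo = to_prtime(when - timedelta(minutes=minutes))
    hi = to_prtime(when + timedelta(minutes=minutes))
    rows = db.execute(
        "SELECT v.visit_date, p.url, p.title"
        " FROM moz_historyvisits v JOIN moz_places p ON p.id = v.place_id"
        " WHERE v.visit_date BETWEEN ? AND ?"
        " ORDER BY v.visit_date DESC",
        (lo, hi),
    ).fetchall()
    return [(EPOCH + timedelta(microseconds=ts), url, title) for ts, url, title in rows]

def build_sample_db():
    """Constructed stand-in with only the columns used here; not real history data."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT);"
        "CREATE TABLE moz_historyvisits"
        " (id INTEGER PRIMARY KEY, place_id INTEGER, visit_date INTEGER);"
    )
    t0 = datetime(2021, 9, 22, 14, 30, tzinfo=timezone.utc)  # constructed incident time
    sample = [
        (1, "https://mail.example.com/inbox", "Inbox", t0 - timedelta(hours=3)),
        (2, "https://news.example.org/story", "Story", t0 - timedelta(minutes=4)),
        (3, "https://alert.example.invalid/warning.html", "Security warning",
         t0 - timedelta(minutes=1)),
    ]
    for pid, url, title, when in sample:
        db.execute("INSERT INTO moz_places VALUES (?, ?, ?)", (pid, url, title))
        db.execute("INSERT INTO moz_historyvisits (place_id, visit_date) VALUES (?, ?)",
                   (pid, to_prtime(when)))
    return db, t0

if __name__ == "__main__":
    # For a real profile, query a copy of places.sqlite opened read-only, e.g.
    # sqlite3.connect("file:places-copy.sqlite?mode=ro", uri=True)  (hypothetical file name)
    db, incident = build_sample_db()
    for when, url, title in visits_near(db, incident):
        print(when.isoformat(), url, title)  # print only; do not open the URL
```

Working on a copy avoids contention with a running Firefox, which keeps the live database open.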

Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE
Flags: needinfo?(SearsSteve)