Closed Bug 295144 Opened 20 years ago Closed 19 years ago

My Firewall alarms that the build has changed after I restarted my browser. BUT I did not install any component!

Categories

(Firefox :: Security, defect)

x86
Windows 2000
defect
Not set
critical

RESOLVED INVALID

People

(Reporter: bahabri, Unassigned)

Details

(Whiteboard: [sg:needinfo])

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

I got a list of ed2 and torrents sites from off the digss.com site. I was going
to them one by one. I never clicked OK for any pop up boxes. Pop up boxes that
only have OK, I close them from the (X) icon. After I restarted my firefox, my
firewall (Kerio Personal Firewall) warned me that the build of firefox was
changed (the .exe file was modified). I got suspicious. I redownloaded 1.0.4 and
installed it on the same directory as the old one. After the installation, there
were no warnings from the firewall. That means that something changed the build
with no permission. I’ll include the list of the sites I went to in how to
reproduce the bug. Thanks.

Reproducible: Didn't try

Steps to Reproduce:
I only include the sites I went to, not the whole list
2. Asia Team http://www.asia-team.net/
3. BajateTodo http://www.bajatetodo.com/
4. CDMSShare http://www.cdmsshare.org/
5. Descargatorrent http://descargatorrent.webcindario.com/
7. EliteFreak http://www.elitefreak.net/
9. ElMejorDance http://www.elmejordance.tk/
14. FuLLToRReNtS http://www.full-torrents.com/
18. Peer-Peer World http://www.xxx-peer2peer-world.cx.la/
19. Pleasuredome 101 http://forum.pleasuredome101.com/index.php?
20. PlusBR http://www.japasoft.com.br/
21. PortalDivX.orG http://www.portaldivx.org/index.php
22. Portalpirata http://www.portalpirata.com/
67. CrystalShare http://crystalshare.com/
71. DivX Clasico http://www.divxclasico.com/
73. Divx Release http://www.divxrelease.com/
74. Divx4Arab http://www.divx4arab.com/
181. SGTeam http://www.sgteam.com/
267. EliteTorrent http://www.elitetorrent.net/
285. Torrent.TO http://www.torrent.to/
293. XtremeWarez http://www.xtremewarez.net/
294. ZoNaDiVX http://www.zonadivx.com/
296. Empornium http://www.empornium.us/
298. Hawkies World http://www.hawkies-world.org/
300. BTEfnet http://m1.btefnet.net/

Actual Results:  
The build of firefox.exe has changed

Expected Results:  
it should not allow some site to change it

ext. are flashgot and bbcode
Is Java enabled, and if so what version? (see about:plugins)

Any other plugins?

What sorts of prompts did you get, and from which sites? That would help narrow
the search down so we could try the ones doing suspicious stuff first, and might
help us identify what techniques they're using.
Whiteboard: [sg:needinfo]
(In reply to comment #1)
> Is Java enabled, and if so what version? (see about:plugins)
> 
> Any other plugins?
> 
> What sorts of prompts did you get, and from which sites? That would help narrow
> the search down so we could try the ones doing suspicious stuff first, and might
> help us identify what techniques they're using.

+_+_+_+_+
Hi dear,

thanks for taking care of my report.

Here is what I got from about:plugins
++++++++++++++++++++++++++++++++++++++++++
Installed plug-ins
Find more information about browser plug-ins at Netscape.com.
Help for installing plug-ins is available from plugindoc.mozdev.org.
Mozilla Default Plug-in

    File name: npnul32.dll
    Default Plug-in

MIME Type 	Description 	Suffixes 	Enabled
* 	Mozilla Default Plug-in 	* 	No
Shockwave Flash

    File name: NPSWF32.dll
    Shockwave Flash 7.0 r19

MIME Type 	Description 	Suffixes 	Enabled
application/x-shockwave-flash 	Macromedia Flash movie 	swf 	Yes
application/futuresplash 	FutureSplash movie 	spl 	Yes
RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)

    File name: nppl3260.dll
    RealPlayer(tm) LiveConnect-Enabled Plug-In

MIME Type 	Description 	Suffixes 	Enabled
audio/x-pn-realaudio-plugin 	RealPlayer(tm) as Plug-in 	ra,ram,rm,rpm 	Yes
RealPlayer Version Plugin

    File name: nprpjplug.dll
    6.0.12.1059

MIME Type 	Description 	Suffixes 	Enabled
application/vnd.rn-realplayer-javascript 	RealPlayer Version Plugin 	rpj 	Yes
QuickTime Plug-in 6.5.1

    File name: npqtplugin.dll
    The QuickTime Plugin allows you to view a wide variety of multimedia content
in Web pages. For more information, visit the QuickTime Web site.

MIME Type 	Description 	Suffixes 	Enabled
application/sdp 	SDP stream descriptor file 	sdp 	Yes
application/x-sdp 	SDP stream descriptor file 	sdp 	Yes
application/x-rtsp 	RTSP stream descriptor file 	rtsp,rts 	Yes
video/quicktime 	QuickTime Movie 	mov,qt 	Yes
video/flc 	AutoDesk Animator (FLC) file 	flc,fli 	Yes
audio/aiff 	AIFF audio file 	aiff,aif,aifc,cdda 	Yes
QuickTime Plug-in 6.5.1

    File name: npqtplugin2.dll
    The QuickTime Plugin allows you to view a wide variety of multimedia content
in Web pages. For more information, visit the QuickTime Web site.

MIME Type 	Description 	Suffixes 	Enabled
audio/x-aiff 	AIFF audio file 	aiff,aif,aifc,cdda 	Yes
audio/basic 	uLaw/AU audio file 	au,snd,ulw 	Yes
audio/vnd.qcelp 	QUALCOMM PureVoice audio file 	qcp 	Yes
audio/AMR 	AMR audio file 	AMR 	Yes
audio/x-gsm 	GSM audio file 	gsm 	Yes
video/3gpp 	3GPP media file 	3gp,3gpp 	Yes
audio/3gpp 	3GPP media file 	3gp,3gpp 	Yes
QuickTime Plug-in 6.5.1

    File name: npqtplugin3.dll
    The QuickTime Plugin allows you to view a wide variety of multimedia content
in Web pages. For more information, visit the QuickTime Web site.

MIME Type 	Description 	Suffixes 	Enabled
video/3gpp2 	3GPP2 media file 	3g2,3gp2 	Yes
audio/3gpp2 	3GPP2 media file 	3g2,3gp2 	Yes
video/mp4 	MPEG-4 media file 	mp4,mpg4 	Yes
audio/mp4 	MPEG-4 media file 	mp4,mpg4 	Yes
audio/x-m4a 	AAC audio 	m4a 	Yes
audio/x-m4b 	AAC audio book 	m4b 	Yes
video/sd-video 	SD video file 	sdv 	Yes
application/x-mpeg 	AMC media file 	amc 	Yes
QuickTime Plug-in 6.5.1

    File name: npqtplugin4.dll
    The QuickTime Plugin allows you to view a wide variety of multimedia content
in Web pages. For more information, visit the QuickTime Web site.

MIME Type 	Description 	Suffixes 	Enabled
image/x-macpaint 	MacPaint image file 	pntg,pnt,mac 	Yes
image/pict 	PICT image file 	pict,pic,pct 	Yes
image/x-pict 	PICT image file 	pict,pic,pct 	Yes
image/x-quicktime 	QuickTime Image File 	qtif,qti 	Yes
image/x-sgi 	SGI image file 	sgi,rgb 	Yes
image/x-targa 	TGA image file 	targa,tga 	Yes
image/tiff 	TIFF image file 	tif,tiff 	Yes
QuickTime Plug-in 6.5.1

    File name: npqtplugin5.dll
    The QuickTime Plugin allows you to view a wide variety of multimedia content
in Web pages. For more information, visit the QuickTime Web site.

MIME Type 	Description 	Suffixes 	Enabled
image/x-tiff 	TIFF image file 	tif,tiff 	Yes
Anti-Leech Plug-in

    File name: npalnn.dll
    Anti-Leech Plug-in v.1.0.1.6

MIME Type 	Description 	Suffixes 	Enabled
application/x-al-package 	Anti-Leech package 	alp 	Yes
Microsoft Office 2003

    File name: NPOFFICE.DLL
    Office Plugin for Netscape Navigator

MIME Type 	Description 	Suffixes 	Enabled
application/x-msoffice 	11.0.5510 	* 	Yes
Java Plug-in

    File name: NPJava11.dll
    Java Plug-in 1.4.1_03 for Netscape Navigator (DLL Helper)

MIME Type 	Description 	Suffixes 	Enabled
application/x-java-applet;version=1.1.1 	Java Applet 		Yes
application/x-java-bean;version=1.1.1 	JavaBeans 		Yes
application/x-java-applet;version=1.1 	Java Applet 		Yes
application/x-java-bean;version=1.1 	JavaBeans 		Yes
application/x-java-applet 	Java Applet 		Yes
application/x-java-bean 	JavaBeans 		Yes
Java Plug-in

    File name: NPJava12.dll
    Java Plug-in 1.4.1_03 for Netscape Navigator (DLL Helper)

MIME Type 	Description 	Suffixes 	Enabled
application/x-java-applet;version=1.2 	Java Applet 		Yes
application/x-java-bean;version=1.2 	JavaBeans 		Yes
application/x-java-applet;version=1.1.3 	Java Applet 		Yes
application/x-java-bean;version=1.1.3 	JavaBeans 		Yes
application/x-java-applet;version=1.1.2 	Java Applet 		Yes
application/x-java-bean;version=1.1.2 	JavaBeans 		Yes
Java Plug-in

    File name: NPJava13.dll
    Java Plug-in 1.4.1_03 for Netscape Navigator (DLL Helper)

MIME Type 	Description 	Suffixes 	Enabled
application/x-java-applet;version=1.3.1 	Java Applet 		Yes
application/x-java-bean;version=1.3.1 	JavaBeans 		Yes
application/x-java-applet;version=1.4 	Java Applet 		Yes
application/x-java-bean;version=1.4 	JavaBeans 		Yes
application/x-java-applet;version=1.4.1 	Java Applet 		Yes
application/x-java-bean;version=1.4.1 	JavaBeans 		Yes
Java Plug-in

    File name: NPJava32.dll
    Java Plug-in 1.4.1_03 for Netscape Navigator (DLL Helper)

MIME Type 	Description 	Suffixes 	Enabled
application/x-java-applet;version=1.3 	Java Applet 		Yes
application/x-java-bean;version=1.3 	JavaBeans 		Yes
application/x-java-applet;version=1.2.2 	Java Applet 		Yes
application/x-java-bean;version=1.2.2 	JavaBeans 		Yes
application/x-java-applet;version=1.2.1 	Java Applet 		Yes
application/x-java-bean;version=1.2.1 	JavaBeans 		Yes
Java Plug-in

    File name: NPJPI141_03.dll
    Java Plug-in 1.4.1_03 for Netscape Navigator (DLL Helper)

MIME Type 	Description 	Suffixes 	Enabled
application/x-java-applet;jpi-version=1.4.1_03 	Java Applet 		Yes
application/x-java-bean;jpi-version=1.4.1_03 	JavaBeans 		Yes
Java Plug-in

    File name: NPOJI610.dll
    Java Plug-in 1.4.1_03 for Netscape Navigator (DLL Helper)

MIME Type 	Description 	Suffixes 	Enabled
application/x-java-vm 	Java Virtual Machine for Netscape 6.x 		Yes
Authorware Web Player

    File name: np32asw.dll
    Macromedia Authorware Web Player Netscape plug-in, version 6.5 F1 

MIME Type 	Description 	Suffixes 	Enabled
application/x-authorware-map 	Authorware 	aam 	Yes
Adobe Acrobat

    File name: nppdf32.dll
    Adobe Acrobat Plug-In Version 5.00 for Netscape

MIME Type 	Description 	Suffixes 	Enabled
application/pdf 	Acrobat 	pdf 	Yes
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> What sorts of prompts did you get, and from which sites?
the usual stuff, vote for us and stuff like that. BUT I never said yes!

> and from which sites? That would help narrow
> the search down so we could try the ones doing suspicious stuff first, and might
> help us identify what techniques they're using.

The list I have has more than 300 sites; I only included the sites I went to.
I really don't want to go there again. I'm a bit scared :). Sorry. 

btw: just remembered, the java icon was in the sys. tray near the clock. 
thanks again :)
>     Java Plug-in 1.4.1_03 for Netscape Navigator (DLL Helper)

Java 1.4.2_05 and below have publicly known security holes and are being
actively exploited to install spyware.  That's probably what happened to you.
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
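
The triage step in the closing comment, as an added example (not part of the bug thread and not Mozilla code): it reads about:plugins text like the dump pasted above and reports every Java Plug-in at or below 1.4.2_05, the ceiling named in that comment. The sample is an excerpt of the reporter's dump plus one constructed entry, `NPJPI142_06.dll`, and the function names are assumptions of this example.

```python
import re

# Ceiling taken from the closing comment: "Java 1.4.2_05 and below".
MAX_VULNERABLE = (1, 4, 2, 5)
FILE_RE = re.compile(r"^\s*File name:\s*(\S+)\s*$")
JAVA_RE = re.compile(r"Java Plug-in\s+(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")

# Excerpt of the about:plugins dump from the report; the NPJPI142_06.dll
# entry is constructed here to show a version above the ceiling.
SAMPLE = """\
Shockwave Flash
    File name: NPSWF32.dll
    Shockwave Flash 7.0 r19
Java Plug-in
    File name: NPJPI141_03.dll
    Java Plug-in 1.4.1_03 for Netscape Navigator (DLL Helper)
Java Plug-in
    File name: NPJPI142_06.dll
    Java Plug-in 1.4.2_06 for Netscape Navigator (DLL Helper)
"""


def parse_java_plugins(text):
    """Return [(dll_name, (major, minor, micro, update))] per Java entry."""
    found, current_file = [], None
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            current_file = m.group(1)
            continue
        m = JAVA_RE.search(line)
        # The bare "Java Plug-in" heading has no version and never matches;
        # only the description line following a "File name:" is recorded.
        if m and current_file:
            version = tuple(int(g or 0) for g in m.groups())
            found.append((current_file, version))
            current_file = None
    return found


def outdated_java_plugins(text, ceiling=MAX_VULNERABLE):
    """Entries whose version tuple is at or below the ceiling."""
    return [(f, v) for f, v in parse_java_plugins(text) if v <= ceiling]


if __name__ == "__main__":
    for dll, v in outdated_java_plugins(SAMPLE):
        print(f"{dll}: Java {v[0]}.{v[1]}.{v[2]}_{v[3]:02d} is at or below 1.4.2_05")
```

Comparing parsed tuples rather than strings keeps `1.4.2_05` itself inside the flagged range and treats a missing update suffix as update 0.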