Closed Bug 299447 Opened 16 years ago Closed 16 years ago

Malware CASINOPALAZZO installed through Mozilla Firefox

Product/Component: Firefox :: Security
Type: defect
Platform: x86, Windows XP
Priority: Not set
Severity: major
Status: RESOLVED INVALID
Reporter: persocom
Assignee: Unassigned

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1

I was browsing the website www.hotmsnnames.com, a pop up box appeared with "you
must be 18 years old to access this service..." message. Trend Micro Emergency
lock failed to work. I rebooted the PC, and a toolbar had appeared in Internet
Connections window, Windows explorer then crashed and I ran Adaware.

Adaware log:
ArchiveData(auto-quarantine- 2005-07-02 12-14-54.bckp)
Referencefile : SE1R46 17.05.2005
======================================================

CASINOPALAZZO
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : clsid\{9eac0102-5e61-2312-bc2d-4d54434d5443}
obj[1]=RegValue : clsid\{9eac0102-5e61-2312-bc2d-4d54434d5443} ""
obj[2]=Regkey : tubby.toolbandobj
obj[3]=RegValue : tubby.toolbandobj ""
obj[4]=Regkey : tubby.toolbandobj.1
obj[5]=RegValue : tubby.toolbandobj.1 ""
obj[6]=Regkey : typelib\{9eac0102-5e61-2312-bc2b-4d54434d5443}
obj[7]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{9eac0102-5e61-2312-bc2d-4d54434d5443}
obj[8]=RegValue : software\microsoft\windows\currentversion\explorer\browser helper objects\{9eac0102-5e61-2312-bc2d-4d54434d5443} ""
obj[9]=RegValue : software\microsoft\internet explorer\toolbar "{9EAC0102-5E61-2312-BC2D-4D54434D5443}"
obj[10]=Regkey : software\microsoft\windows\currentversion\uninstall\search toolbar
obj[11]=RegValue : software\microsoft\windows\currentversion\uninstall\search toolbar "DisplayName"
obj[12]=RegValue : software\microsoft\windows\currentversion\uninstall\search toolbar "UninstallString"


Reproducible: Didn't try




Web Feature: "Allow websites to install software" was not enabled. "Pop up
blocker" was enabled.

You are running a rather old pre-release version of Firefox with a number of
known security problems. We haven't heard of any active exploits using those
vulnerabilities though.

Do you have Java enabled? If so, what version do you have installed? You can
find this out using the Java icon in the Windows Control Panel. We have seen
active abuse of older versions of Java (http://java.com).

The front page contains Flash, a Java applet, and (for IE) an ActiveX which are
opaque to me--might be benign, maybe not, just can't tell by looking. The rest
of the page appears free of attack code.
Whiteboard: [sg:needinfo]
(In reply to comment #1)
> You are running a rather old pre-release version of Firefox with a number of
> known security problems. We haven't heard of any active exploits using those
> vulnerabilities though.
> 
> Do you have Java enabled? If so, what version do you have installed? You can
> find this out using the Java icon in the Windows Control Panel. We have seen
> active abuse of older versions of Java (http://java.com).
> 
> The front page contains Flash, a Java applet, and (for IE) an ActiveX which are
> opaque to me--might be benign, maybe not, just can't tell by looking. The rest
> of the page appears free of attack code.

Java was enabled. It says Java Plug-in 1.4.1_02, I guess that's pretty old, I
think it was bundled with Netscape 7.2. 

Thank you, I'll update Java and Firefox.
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID
Whiteboard: [sg:needinfo]