Closed Bug 299447 Opened 19 years ago Closed 19 years ago

Malware CASINOPALAZZO installed through Mozilla Firefox

Categories

(Firefox :: Security, defect)

x86
Windows XP
defect
Not set
major

RESOLVED INVALID

People

(Reporter: persocom, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1

I was browsing the website www.hotmsnnames.com, a pop up box appeared with "you must be 18 years old to access this service..." message. Trend Micro Emergency lock failed to work. I rebooted the PC, and a toolbar had appeared in Internet Connections window, Windows explorer then crashed and I ran Adaware.

Adaware log:

ArchiveData(auto-quarantine- 2005-07-02 12-14-54.bckp)
Referencefile : SE1R46 17.05.2005
======================================================

CASINOPALAZZO
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : clsid\{9eac0102-5e61-2312-bc2d-4d54434d5443}
obj[1]=RegValue : clsid\{9eac0102-5e61-2312-bc2d-4d54434d5443} ""
obj[2]=Regkey : tubby.toolbandobj
obj[3]=RegValue : tubby.toolbandobj ""
obj[4]=Regkey : tubby.toolbandobj.1
obj[5]=RegValue : tubby.toolbandobj.1 ""
obj[6]=Regkey : typelib\{9eac0102-5e61-2312-bc2b-4d54434d5443}
obj[7]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{9eac0102-5e61-2312-bc2d-4d54434d5443}
obj[8]=RegValue : software\microsoft\windows\currentversion\explorer\browser helper objects\{9eac0102-5e61-2312-bc2d-4d54434d5443} ""
obj[9]=RegValue : software\microsoft\internet explorer\toolbar "{9EAC0102-5E61-2312-BC2D-4D54434D5443}"
obj[10]=Regkey : software\microsoft\windows\currentversion\uninstall\search toolbar
obj[11]=RegValue : software\microsoft\windows\currentversion\uninstall\search toolbar "DisplayName"
obj[12]=RegValue : software\microsoft\windows\currentversion\uninstall\search toolbar "UninstallString"

Reproducible: Didn't try

Web Feature: "Allow websites to install software" was not enabled. "Pop up blocker" was enabled.
You are running a rather old pre-release version of Firefox with a number of known security problems. We haven't heard of any active exploits using those vulnerabilities though.

Do you have Java enabled? If so, what version do you have installed? You can find this out using the Java icon in the Windows Control Panel. We have seen active abuse of older versions of Java (http://java.com).

The front page contains Flash, a Java applet, and (for IE) an ActiveX which are opaque to me--might be benign, maybe not, just can't tell by looking. The rest of the page appears free of attack code.
Whiteboard: [sg:needinfo]
(In reply to comment #1)
> You are running a rather old pre-release version of Firefox with a number of
> known security problems. We haven't heard of any active exploits using those
> vulnerabilities though.
>
> Do you have Java enabled? If so, what version do you have installed? You can
> find this out using the Java icon in the Windows Control Panel. We have seen
> active abuse of older versions of Java (http://java.com).
>
> The front page contains Flash, a Java applet, and (for IE) an ActiveX which are
> opaque to me--might be benign, maybe not, just can't tell by looking. The rest
> of the page appears free of attack code.

Java was enabled. It says Java Plug-in 1.4.1_02, I guess that's pretty old, I think it was bundled with Netscape 7.2.

Thank you, I'll update Java and Firefox.
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
Whiteboard: [sg:needinfo]