Closed
Bug 319771
Opened 19 years ago
Closed 17 years ago
spyware picked up from site spoofing plugin finder UI?
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 252257
People
(Reporter: comicfan1989, Unassigned)
Details
(Whiteboard: [sg:needinfo])
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5 I had downloaded and installed Firefox 1.5. I decided to use the StumbleUpon add on. I installed it and had no problems with anything working for me. I started getting Flash8 popups telling me in order to veiw the web page, I needed to install Flash8. This was happening on almost any site I would visit. I had then clicked on the Flash8 and the popup would dissappear and the web page was a bit out of sorts, broken up a bit if you will. I ran a quick spyware check to find minibug on my pc in the HKEY_LOCAL_. I continued to get this minibug even though doing away with it with EWIDO. I kept getting more and more pop ups with Flash8 and finally downloaded Ad aware and did a scan. It came up with cometsys in my registry, HKEY_LOCAL once again. I tried to find specific information on it and found it to be a well known hijacking spyware. I began getting scheduled tasks running on my pc when I never schedule any. Ad aware would do away with it,but it would come back. Finally I saw a page where it mentioned the add ons through FX can be used by spyware. So initially I uninstalled the add on (Stumbleupon) did a good cleaning and have had no trouble since. I also was not using IE closely prior or during having FX and had done scans on my pc already. I ended up with 48 spywares found in the registry. Not cookies, actual spyware. Well, posting this to other spots, i have been called a liar, that I am working for IE, and simply hounded. I apologize if this is not the correct place to send this, and i did search quite some time for this issue. Reproducible: Couldn't Reproduce Steps to Reproduce: 1.downloaded the add on, stumbleupon 2.ran it and used it. Tried to browse with it. 3.Tried going to different sites and same ones. Actual Results: There was no minibug found. I also didn't get the cometsys file. I will continue to use the add on and hope to eventually reproduce it. Expected Results: Wasn't sure. I was hoping to re-create the spyware installed which hasn't happened yet. The only two programs running were Firefox and Stumbleupon.
|
||
Comment 1•19 years ago
|
||
Where did you get your copy of the StumbleUpon extension? Can you describe the "Flash8" popups in more detail? On what sites were you seeing these popups?
|
|
||
Comment 2•19 years ago
|
||
Btw, the "real" UI for when a site needs Flash is a yellow bar at the top of the page, and if the plugin's dimensions are large enough, a puzzle piece icon replacing the plugin. Clicking the yellow bar or the puzzle piece brings up a wizardy thing.
Whiteboard: [sg:needinfo]
|
|
||
Comment 3•19 years ago
|
||
Making this bug report public. If this is real and due to a security hole in Firefox, the "bad guys" already know about it, so keeping it hidden doesn't protect other Firefox users.
Group: security
(In reply to comment #1) > Where did you get your copy of the StumbleUpon extension? Right from Firefox site in the most popular section. > > Can you describe the "Flash8" popups in more detail? On what sites were you > seeing these popups? I was seeing this on CNET and my msn hotmail page along with Ebay and various tech sites. There was a yellow bar that went accross with a red exclamation point and it said, "You need to install Flash 8 to veiw web page" I don't recall as clearly, the color of the letters, I want to say green though. When it would pop up, I would click on it as i have done with other typical Flash updates but it would just dissappear. The web page remained scratchy looking. The funny thing, I had already installed Flash updates and thought this was a Firefox thing. I only actually clicked on it twice since something didn't seem right, also I had exactly two instances of COMETSYS on my pc thereafter, along with the minibug.I apologize for being ill prepared, I am no stranger to computers but first time with Firefox. >
(In reply to comment #2) > Btw, the "real" UI for when a site needs Flash is a yellow bar at the top of > the page, and if the plugin's dimensions are large enough, a puzzle piece icon > replacing the plugin. Clicking the yellow bar or the puzzle piece brings up a > wizardy thing. > That's just it, there was nothing besides the yellow bar, the Red exclamation point and what I can remember , green writing saying "You need to install Flash 8 to veiw web page". I immediately started scanning for spyware etc...figuring this may be a bogus Flash 8 update.
(In reply to comment #3) > Making this bug report public. If this is real and due to a security hole in > Firefox, the "bad guys" already know about it, so keeping it hidden doesn't > protect other Firefox users. Found this in my Adaware scan , didn't think it was still there... COMETSYSTEMS »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[1]=File : C:\VCOM\MXCYCLE\00002044 obj[2]=File : C:\VCOM\MXCYCLE\00002045 It was qaranteened by my vcom antivirus and then adaware quaranteened it also. I had run a scan, deleted cookies, did a virus scan etc...before installing FX and Stumbleupon, none of this showed up. I also would like to mention that I do not and didn't go to any porn sites, or off the wall sites. I usually stay withing tech sites, Ebay, Cnet, Download.com etc...Once I rid myself of COMETSYSTEMS, mini bug went away also and 48 others. I currently haven't had any install Flash popups since ridding myself of Stumbleupon and COMETSYSTEMS. I do have Stumbleupon and am trying to re-create this scenario. Thank you.
|
||
Comment 7•19 years ago
|
||
I have seen a couple of sites that have imitated the yellow bar to do things like this and as I recall the missing plugin yellow bar does not have a red exclamation point though I recall one of the sites I saw this on having a red exclamation point in the imitation bar.
|
|
||
Comment 8•19 years ago
|
||
paul, I highly suspect from the descriptions you have provided this sounds like it may have been due to a site mimicking the yellow bar that is displayed for missing plugins (e.g. your statement of "You need to install Flash 8 to veiw web page"). There is nothing that can be done to fix this in the Extension Manager. Reassigning to Firefox -> General so someone can triage this and put it in the right product / component
Component: Extension/Theme Manager → General
QA Contact: extension.manager → general
|
||
Comment 9•18 years ago
|
||
Changing the component to phishing protection as it seems a better match.
Component: General → Phishing Protection
QA Contact: general → phishing.protection
|
|
||
Updated•18 years ago
|
Summary: New user to Firefox 1.5, added stumbleupon add on. I began getting Flash8 needs to install in order to veiw webpage. When clicked on, it would dissappear and install nothing. Then I began to get a lot of spyware. → spyware picked up from site spoofing plugin finder UI?
|
|
||
Comment 10•18 years ago
|
||
Sorry for the bugspam, finding a better home for this bug. I'm not sure that there's enough detail available in this report to do anything about it, but the issue appears to have started with a site spoofing the plugin finder UI. This may need to turn into an INVALID if we can't get more details, but I'll leave that to someone else to determine.
Component: Phishing Protection → Security
QA Contact: phishing.protection → firefox
|
||
Updated•17 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•