Closed
Bug 334880
Opened 18 years ago
Closed 18 years ago
Windows Live OneCare found a virus in my cache (was: Security Flaw allows virus to be loaded via firefox)
Categories
(Firefox :: Security, defect)
RESOLVED
INVALID
People
(Reporter: bugzilla, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2

When I visited this site, which is infected by the bloodhound virus, it offers me the opportunity to download the file. If I refuse, Firefox still caches the virus on the machine in temporary files.

Reproducible: Always

Steps to Reproduce:
1. visit http://www.geniusnet.com
2. refuse the download
3. make sure you have up to date virus scanner as otherwise your machine will be infected.

Blog user at this site shows results with screen grab. http://nunchuckblog.com/index.php?/archives/16-Genius-website-distributing-Bloodhound-Virus.html

Actual Results: Machine is infected with virus

Expected Results: If I refuse a download, it should not cache the download on the computer
Here is the support log from my antivirus to show the place that the file was downloaded. Please note that I REFUSED the download (particularly since it's called exploit.wmf). Could this be a hacker showing proof of concept code?

21/04/2006 01:02 Windows Live OneCare found a virus on your computer
FileName: C:\Documents and Settings\Grant\Local Settings\Application Data\Mozilla\Firefox\Profiles\1f5xu7zn.default\Cache\13D3E7FBd01
VirusName: Exploit:Win32/Wmfap
Infection was found by On Access Protection: (ANTIVIRUS_ONACCESS_SUSPICIOUS)
Disinfection Result: Quarantined Success

21/04/2006 01:02 Windows Live OneCare found a virus on your computer
FileName: C:\Documents and Settings\Grant\Local Settings\Application Data\Mozilla\Firefox\Profiles\1f5xu7zn.default\Cache\13D3E7FBd01
VirusName: Exploit:Win32/Wmfap
Infection was found by On Access Protection: (ANTIVIRUS_ONACCESS_SUSPICIOUS)
Disinfection Result: ANTIVIRUS_ONINFECTION_RESULT_FOUND Success
Comment 2•18 years ago
*** Bug 334882 has been marked as a duplicate of this bug. ***
Comment 3•18 years ago
*** Bug 334881 has been marked as a duplicate of this bug. ***
Comment 4•18 years ago
Were these virusy files actually about to be run, or is your antivirus software just being stupidly paranoid like in bug 333152? Making this public because even if it is a security hole in Firefox (which I don't think is the case), it's something that malware people already know about.
Group: security
Updated•18 years ago
Summary: Security Flaw allows virus to be loaded via firefox → Windows Live OneCare found a virus in my cache (was: Security Flaw allows virus to be loaded via firefox)
I marked it as private as I don't want any malware guys to take advantage; however, I have looked in my quarantined files and the virus has definitely downloaded onto my machine. Regarding the case of they were about to run, I can't answer that without taking a chance on my production machine! It is possible that it's a repetition of the same fault; what is concerning is that a file that's been refused is downloaded onto the machine! Replace it with an autorun type file and it could be a problem. If someone else can try it out on the site, which is still virus infected, perhaps they could find more information. Internet Explorer fares far worse as it doesn't give you the option to refuse the download. Theoretically the problem could be Windows related, I remember something about wmf files before.
Comment 6•18 years ago
The "cache" is a temporary copy of parts of the internet. In any practical sense it is not "on" your machine any more than it was when the browser found it -- nothing but the browser will read those files, and if the browser were an infection vector it would be infected from the internet copy even if caching were turned off. If infected files show up *outside* the cache then you've gotten the virus. Otherwise consider infected cached copies to be a warning. Check up on the virus (most of the time they're IE exploits that don't even infect Firefox) and in the future stay away from the "bad neighborhood" where you got the file.
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID
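Comment 6's rule of thumb (a detection inside the browser cache is a warning, a detection outside it means the file reached the system), applied to antivirus log entries in the format quoted in the report. This is an added example, not part of the original bug thread: the sample log, the paths in it and the function name `triage` are constructed for illustration, and the cache pattern assumes the Firefox 1.5 profile layout shown in the report.

```python
import re

# Constructed sample in the OneCare log format quoted in the report.
# Paths and times are made up; only the detection name comes from the page.
SAMPLE_LOG = r"""
21/04/2006 01:02 Windows Live OneCare found a virus on your computer
FileName: C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\abcd1234.default\Cache\0A1B2C3Dd01
VirusName: Exploit:Win32/Wmfap
Infection was found by On Access Protection: (ANTIVIRUS_ONACCESS_SUSPICIOUS)
Disinfection Result: Quarantined Success
21/04/2006 01:05 Windows Live OneCare found a virus on your computer
FileName: C:\Documents and Settings\user\Desktop\picture.wmf
VirusName: Exploit:Win32/Wmfap
Infection was found by On Access Protection: (ANTIVIRUS_ONACCESS_SUSPICIOUS)
Disinfection Result: Quarantined Success
"""

# Firefox 1.5 disk cache entry: ...\Profiles\<profile>\Cache\<entry>
CACHE_RE = re.compile(r"\\mozilla\\firefox\\profiles\\[^\\]+\\cache\\[^\\]+$", re.I)

# One detection record: file path, detection name, first word of the result.
# The path may contain spaces, so it is matched lazily up to "VirusName:".
ENTRY_RE = re.compile(
    r"FileName:\s*(?P<path>.+?)\s+VirusName:\s*(?P<name>\S+)"
    r".*?Disinfection Result:\s*(?P<result>\S+)",
    re.S,
)

def triage(log_text):
    """Tag each detection as cache-only (warning) or outside-cache (investigate)."""
    findings = []
    for m in ENTRY_RE.finditer(log_text):
        path = m.group("path").strip()
        verdict = "cache-only" if CACHE_RE.search(path) else "outside-cache"
        findings.append({"path": path, "name": m.group("name"),
                         "result": m.group("result"), "verdict": verdict})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['verdict']:14} {f['name']:22} {f['path']}")
```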