Closed
Bug 441310
Opened 17 years ago
Closed 17 years ago
JS/Downloader.Agent virus notification after google checkout session.
Categories
(Toolkit :: Safe Browsing, defect)
RESOLVED
INCOMPLETE
People
(Reporter: budzilla75235, Unassigned)
Details
(Whiteboard: [sg:needinfo])
Attachments
(1 file: 53.58 KB, image/jpeg)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
A virus was detected upon completion of a credit card transaction at www.popcornhour.com, but using the Google checkout. The AVG Virus detection showed it was downloaded at 7:01 am. Transaction completed about 8:36am CDT. All the links I visited in the past two hours were on the "referrals" page of popcornhour.com from top to bottom.
Before making the purchase, I clicked on "open in new window"; the secured session was in its own window, while the others remained open. The virus message JS/Downloader.Agent appeared as I finished the transaction.
Correct shipping and billing info were e-mailed to me and appeared on my online receipt.
I heard there was a new vulnerability of Firefox. I hope this information helps you. I have not had a virus in two years. The sites I visit are usually just tech sites.
David Hart, 214-728-6591
Reproducible: Didn't try
Comment 1 (Reporter) • 17 years ago
I put the virus in my virus vault. Let me know if you want it.
Comment 2 • 17 years ago
You are almost certainly not at risk from this. As part of normal processing browsers download temporary copies of the web pages you're browsing, and these temporary copies go into the "cache" (as seen in the screen shot you attached).
We don't know of any active attacks against current versions of Firefox, and if AVG knew about it to create a definition for it we probably would.
"JS/Downloader.Agent" is an extremely generic description
http://www.avg.com/us.virbase.idv-288757
Almost all such detections are scripts that attack old IE flaws and wouldn't affect any version of Firefox, but if you attach the virus to this bug we can double-check that.
If the script had been effective against your browser you would normally see malware detected elsewhere on the system, whatever the "downloader" was designed to install.
There's a small chance it was a false-positive on the part of AVG. It's more likely to be exactly what AVG said it was. Even if you're sure popcornhour.com is honest it's possible _they_ were hacked to include malware links. That kind of thing is happening increasingly often, and the new malware-site detection in Firefox 3 was designed to protect against it by taking advantage of Google's web scanning to look for malware while it's building up its search index. Firefox 2 only has phishing protection which is much more limited in scope.
Whiteboard: [sg:needinfo]
Updated • 17 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → INCOMPLETE
Updated • 17 years ago
Group: core-security
Comment 3 • 17 years ago
(In reply to comment #2)
> (...) taking advantage of Google's
> web scanning to look for malware while it's building up its search index.
> (...)
So, it seems it is trivially easy to "hide" "malware" from Google/Firefox: just put it in some separate directory on webserver and instruct Googlebot via robots.txt to never visit the place. Am I right?
Updated (Assignee) • 11 years ago
Product: Firefox → Toolkit