Closed Bug 448484 Opened 13 years ago Closed 13 years ago

Site badgers user with download dialog until user accepts malware or force-quits

Categories

(Firefox :: Security, defect)

x86
Windows Vista
defect
Not set
critical

Tracking

()

RESOLVED DUPLICATE of bug 61098

People

(Reporter: jeidsath, Unassigned)

References

()

Details

(Whiteboard: [sg:low] DUPEME)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1

The above URL (http://transcend-staging-1.com/default.html) is a spam link to a site that attempts to install malware on Firefox. It is able to lock up Firefox using Javascript and is also able to force an install of Yahoo Toolbar (https://addons.mozilla.org/en-US/firefox/addon/2032) without user permission. Has anyone verified that this addon actually comes from Yahoo? 

Reproducible: Didn't try
The url is not working for me, I get "Access forbidden!".
Try a Google search for "Watch Free Movie - Update Every Hour!" and you will come up with a number of sites infected by this. After clicking through the links for a while, I was able to find one that was still up halfway down Google's front page.

It appears that to get the Javascript loop started, you need to click the 'X' on the fake Windows window. The Javascript loop works in Linux, but the Yahoo toolbar was not installed. 
> Try a Google search for "Watch Free Movie - Update Every Hour!"

On one of these sites, I get a repeated alert() followed by a download dialog.  Not an insta-pwn, and pretty hard to prevent :(
Group: core-security
Summary: "Yahoo Toolbar" is Malware? → Site badgers user with download dialog until user accepts malware or force-quits
Whiteboard: [sg:low]
dupe of bugs on letting users kill modal-dialog loops?
Blocks: eviltraps
Whiteboard: [sg:low] → [sg:low] DUPEME
No longer blocks: eviltraps
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: alertloops
You need to log in before you can comment on or make changes to this bug.