Closed Bug 493335 Opened 15 years ago Closed 13 years ago

got rootkit.agent

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED WORKSFORME

People

(Reporter: ktleong2000, Unassigned)

References

(Blocks 1 open bug,
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10

My Firefox contacted a rootkit agent immediately going to pornhub.com  I had had a hard time cleaning this rookit out of my system.  Prior to upgrading to 3.0.10 I am fine surfing to pornhub.com but now I feel like using microsoft internet explorer again.  Please fix.  Thank you.

Reproducible: Always

Steps to Reproduce:
just click www.pornhub.com
Actual Results:  
infected by virus rookit.

Expected Results:  
PC can NOT boot anymore.  Have to install tons of anti malware to get rid of it.  Firefox not safe anymore.  Be warn.
Without any details of *what* malware you encountered, there's nothing that be done. And even if we have that info, then there's always the possibility that it has nothing to do with Firefox in itself, but you got infected due to a hole in your OS.

Loading images and flash and such would be fine, they should not infect your computer, even though your anti-virus tool might warn you when it encounters that file in the cache (where it's harmless, unless you execute it directly). Most malware just tricks you into downloading some software (like a codec). In that case, it's not a bug in the browser (or the OS), it's the user that is at fault. Anti-virus software and similar tries to prevent that. The built-in malware protection in Firefox tries to recognize the site if it knows that it's a dangerous one (in which case it needs to be reported).
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → INCOMPLETE
(In reply to comment #0)
> Prior to upgrading to 3.0.10 I am fine surfing to pornhub.com

Firefox 3.0.10 cannot possibly be less safe than previous versions, there was only one crash fix in it. It was more likely coincidental timing that pornhub got infected around that time.

(In reply to comment #1)
> Loading images and flash and such would be fine, they should not infect your
> computer,

People get infected through Flash ALL THE TIME. Plugins are a very popular malware vehicle because they affect all browsers. Flash, Java, QuickTime, PDF's and Microsoft Office documents are popular with exploit writers -- make sure you're fully up-to-date on any and all plugins. Any software exposed to content loaded over the internet actually.
I don't see anything particularly evil on pornhub at the moment (at least not on the front page you linked to), maybe one of their 3rd-party ad servers got compromised.
I could have accidental click on something.  But I never download any codec or anything from pornhub.com not suppose to because all video uses the embedded player.  Unless a hole in my embedded microsoft media player in firefox.
Status: RESOLVED → UNCONFIRMED
Resolution: INCOMPLETE → ---
What plugins and versions do you have? Open the Add-ons dialog from the Tools menu, then click on the Plugins tab.
You asked a Good question.
I have 
Adblock Plus , Customs Button2 , Fox Saver , Multirow Bookmarks Toolbar , and Yoono - Socialize Your Browser.

All of which I do not need and was not asked to be installed.  I will take them all out NoW.

Thanks for the suggestion.
I also have Window Media PLayer Direct Link Library , Shockwave Flash , RealPLayer G2 LiveConnect-Enabled Plug-in (32bit) , RealPlayer Version PLugin , Mozilla Default Plug-in, Microsoft DRM (Store Netscape / Netscape Network Object) , Java Platform SE 6 US ,  Google Update , and Adobe Acrobat.

I know I need some of these but not all.
Blocks: malware-attacks
Do you still see this with Firefox 3.6.13 or later and the latest versions of all your plugins?
No.  No more such occurance.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago13 years ago
Resolution: --- → WORKSFORME
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.