User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729) Click on the above website: http://www.twiztv.com/cgi-bin/transcript.cgi?episode=http://dmca.free.fr/scripts/sixfeetunder/season1/sfu-108.htm It will install an exe file named 16320294.exe on your computer and will start scanning your computer, will change your desktop picture and will disable all other options like CTRL+ALT+DELETE. Reproducible: Always Steps to Reproduce: 1. Click here: http://www.twiztv.com/scripts/sixfeetunder/ 2. Click on "1-08 - Crossroads" 3.
I don't see anything specific on the site that's malicious, but it does use an ad network and those sometimes get hacked (and serve rotating content, so the fact I don't see anything doesn't mean it wasn't there earlier and won't be back for the next guy). What plugins do you have installed, and what versions? You can find this out from the Add-ons dialog on the Tools menu.
You're right, I tried it again couple of minutes ago, nothing happened. It did happen three times though. I guess, as you pointed out, the content is rotating. Here is the list of plugins I have: Adobe Acrobat 184.108.40.206 Java Platform SE 6 U7 220.127.116.11 Movie Player 718.104.22.168 Mozilla Default Plugin 22.214.171.124 Shockwave Flash 10.0.22.86 Windows Presentation Foundation 3.5.30729.1
If more information is available on this site please post. we could also try and get it ckecked out by stopbadware.org reopen if incomplete doesn't make sense.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INCOMPLETE
Summary: If you click on the above website, it will install an executable file (malware) on your computer and will start scanning your computer. → possible installation of an malware when visiting http://www.twiztv.com/
You need to log in before you can comment on or make changes to this bug.