Closed Bug 503630 Opened 11 years ago Closed 11 years ago

possible installation of an malware when visiting http://www.twiztv.com/

Categories

(Firefox :: Security, defect, critical)

x86
Windows Vista
defect
Not set
critical

Tracking

()

RESOLVED INCOMPLETE

People

(Reporter: malte.hoog, Unassigned)

References

(Blocks 1 open bug, )

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)

Click on the above website:

http://www.twiztv.com/cgi-bin/transcript.cgi?episode=http://dmca.free.fr/scripts/sixfeetunder/season1/sfu-108.htm

It will install an exe file named 16320294.exe on your computer and will start scanning your computer, will change your desktop picture and will disable all other options like CTRL+ALT+DELETE.


Reproducible: Always

Steps to Reproduce:
1. Click here: http://www.twiztv.com/scripts/sixfeetunder/
2. Click on "1-08 - Crossroads"
3.
I don't see anything specific on the site that's malicious, but it does use an ad network and those sometimes get hacked (and serve rotating content, so the fact I don't see anything doesn't mean it wasn't there earlier and won't be back for the next guy).

What plugins do you have installed, and what versions? You can find this out from the Add-ons dialog on the Tools menu.
You're right, I tried it again couple of minutes ago, nothing happened.  It did happen three times though.  I guess, as you pointed out, the content is rotating.

Here is the list of plugins I have:
Adobe Acrobat 9.1.0.163
Java Platform SE 6 U7 6.0.70.6
Movie Player 713.3.0.6
Mozilla Default Plugin 1.0.0.15
Shockwave Flash 10.0.22.86
Windows Presentation Foundation 3.5.30729.1
If more information is available on this site please post.  we could also try and get it ckecked out by stopbadware.org

reopen if incomplete doesn't make sense.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INCOMPLETE
Summary: If you click on the above website, it will install an executable file (malware) on your computer and will start scanning your computer. → possible installation of an malware when visiting http://www.twiztv.com/
You need to log in before you can comment on or make changes to this bug.