Closed Bug 530452 Opened 10 years ago Closed 10 years ago

Visiting this page gave me a rootkit

Categories

(Firefox :: General, defect, major)

x86
Windows XP
defect
Not set
major

RESOLVED WORKSFORME

People

(Reporter: nitr0, Unassigned)

References

(Blocks 1 open bug)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5

When I visited the link http://www.radio-portal.ru/index.php?name=EZCMS&menu=11367&page_id=1814, I saw a warning about execution of unsigned code. I pressed "No", but after that I saw a rootkit in the system. The malware code is in an iframe at the end of the HTML, and uses the 'referrer' field to make studying it harder.

Reproducible: Always

Steps to Reproduce:
1. Open http://www.radio-portal.ru/index.php?name=EZCMS&menu=11367&page_id=1814
2. Scan system for malware/rootkits

Actual Results:  
Infected system
The warning about unsigned code execution came from web content, not from Firefox.  This is just a report of a malware site, not a bug in Firefox.  It should probably be RESOLVED INVALID but I'll wait for someone else to concur.
Summary: Security branch (unwanted code execution) → Visiting this page gave me a rootkit
I visited the URL specified in my Windows VM and saw no such warning.  There's not much we can do with this report, I'm afraid.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
Group: core-security → core-security-release
Group: core-security-release