Closed Bug 530452 Opened 12 years ago Closed 12 years ago
Visiting this page gave me a rootkit
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:18.104.22.168) Gecko/20091102 Firefox/3.5.5 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:22.214.171.124) Gecko/20091102 Firefox/3.5.5 When I visit link http://www.radio-portal.ru/index.php?name=EZCMS&menu=11367&page_id=1814, I saw a warning about execution of unsigned code. I press "No", but after that I saw in system rootkit. Malware code are in iframe in the end of HTML, and uses 'referrer' field to make learning of it harder. Reproducible: Always Steps to Reproduce: 1. Open http://www.radio-portal.ru/index.php?name=EZCMS&menu=11367&page_id=1814 2. Scan system for malware/rootkits Actual Results: Infected system
The warning about unsigned code execution came from web content, not from Firefox. This is just a report of a malware site, not a bug in Firefox. It should probably be RESOLVED INVALID but I'll wait for someone else to concur.
Summary: Security branch (unwanted code execution) → Visiting this page gave me a rootkit
I visited the URL specified in my Windows VM and saw no such warning. There's not much we can do with this report, I'm afraid.
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.