Closed Bug 530452 Opened 15 years ago Closed 14 years ago

Visiting this page gave me a rootkit

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: nitr0, Unassigned)

References

(Blocks 1 open bug,
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5

When I visit link http://www.radio-portal.ru/index.php?name=EZCMS&menu=11367&page_id=1814, I saw a warning about execution of unsigned code. I press "No", but after that I saw in system rootkit. Malware code are in iframe in the end of HTML, and uses 'referrer' field to make learning of it harder.

Reproducible: Always

Steps to Reproduce:
1. Open http://www.radio-portal.ru/index.php?name=EZCMS&menu=11367&page_id=1814
2. Scan system for malware/rootkits

Actual Results:  
Infected system
The warning about unsigned code execution came from web content, not from Firefox.  This is just a report of a malware site, not a bug in Firefox.  It should probably be RESOLVED INVALID but I'll wait for someone else to concur.
Summary: Security branch (unwanted code execution) → Visiting this page gave me a rootkit
Blocks: malware-attacks
I visited the URL specified in my Windows VM and saw no such warning.  There's not much we can do with this report, I'm afraid.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME
Group: core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.