Closed Bug 559985 Opened 15 years ago Closed 9 years ago

possible malware crashes in notepad.dll [@ notepad.dll@0x40f7 ] and others

Categories

(External Software Affecting Firefox :: Other, defect)

Product:
External Software Affecting Firefox
Component:
Other
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: chofmann, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, user-doc-needed)

Crash Data

about 200 crashes per day in possible malware that gets installed in c:\windows\system32\notepad.dll See: http://www.threatexpert.com/files/notepad.dll.html and other search results for "notepad.dll" signature list 96 notepad.dll@0x40f7 29 notepad.dll@0x3a13 26 notepad.dll@0x40fa 14 notepad.dll@0x3a4a 8 notepad.dll@0x40be 2 notepad.dll@0x403e 2 memcmp | notepad.dll@0x1434 1 notepad.dll@0x3a66 checking --- notepad.dll 20100415-crashdata.csv found in: 3.6.3 3.5.9 3.6 3.5.7 3.0.14 3.0.9 3.0.19 3.0.16 release total-crashes notepad.dll crashes pct. all 351003 178 0.000507118 3.6.3 242386 143 0.000589968 3.5.9 31706 24 0.000756955 3.6 19351 4 0.000206708 3.5.7 2348 2 0.000851789 3.0.14 288 2 0.00694444 3.0.9 125 1 0.008 3.0.19 10321 1 9.68898e-05 3.0.16 232 1 0.00431034 os breakdown notepad.dllTotal 176 Win5.1 0.65 Win6.0 0.31 Win6.1 0.04 Mac10.4 0.00 Mac10.5 0.00 Mac10.6 0.00 Lin2.4 0.00 Correlation to startup or time of session 178 total crashes for notepad.dll on 20100415-crashdata.csv 6 start up crashes inside 30 seconds of startup 40 start up crashes inside 3 minutes of startup domains of sites 25 http://www.facebook.com 16 \N// 12 http://www.youtube.com 11 http://home.myspace.com 9 http://apps.facebook.com 5 https://login.facebook.com 5 http://www.myspace.com 5 http://messaging.myspace.com 4 http://wq32.com 4 http://viewmorepics.myspace.com 4 about:blank// 3 http://friends.myspace.com 2 http://www.yahoo.com 2 http://www.yachtcouncil.com 2 http://www.tuenti.com 2 http://www.ken-welch.com 2 http://msn.foxsports.com <long tail snipped> stacks look like http://crash-stats.mozilla.com/report/index/be32c38f-13cf-4fbb-a3e6-b7b682100410 0 notepad.dll notepad.dll@0x40f7 1 notepad.dll notepad.dll@0x4172 2 notepad.dll notepad.dll@0x4108 3 notepad.dll notepad.dll@0x4172 4 notepad.dll notepad.dll@0x289c 5 @0x0 6 @0x1648df6f 7 nspr4.dll _PR_MD_RECV nsprpub/pr/src/md/windows/w95sock.c:327 8 nspr4.dll SocketRead nsprpub/pr/src/io/prsocket.c:657 9 xul.dll nsSocketInputStream::Read netwerk/base/src/nsSocketTransport2.cpp:353 10 xul.dll nsHttpConnection::OnWriteSegment netwerk/protocol/http/src/nsHttpConnection.cpp:632 11 xul.dll nsHttpTransaction::WritePipeSegment netwerk/protocol/http/src/nsHttpTransaction.cpp:499 12 xul.dll nsPipeOutputStream::WriteSegments xpcom/io/nsPipe3.cpp:1137 13 @0x93 14 xul.dll nsHttpTransaction::WriteSegments netwerk/protocol/http/src/nsHttpTransaction.cpp:525 15 xul.dll nsHttpConnection::OnSocketReadable netwerk/protocol/http/src/nsHttpConnection.cpp:648 16 xul.dll nsHttpConnection::OnInputStreamReady netwerk/protocol/http/src/nsHttpConnection.cpp:762 17 xul.dll nsSocketInputStream::OnSocketReady netwerk/base/src/nsSocketTransport2.cpp:256 18 xul.dll nsSocketTransport::OnSocketReady netwerk/base/src/nsSocketTransport2.cpp:1519 19 xul.dll nsSocketTransportService::DoPollIteration netwerk/base/src/nsSocketTransportService2.cpp:674 20 xul.dll nsSocketTransportService::OnProcessNextEvent netwerk/base/src/nsSocketTransportService2.cpp:538 21 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:508 22 xul.dll NS_ProcessPendingEvents_P obj-firefox/xpcom/build/nsThreadUtils.cpp:200 23 xul.dll NS_ProcessNextEvent_P obj-firefox/xpcom/build/nsThreadUtils.cpp:250 24 xul.dll nsSocketTransportService::Run netwerk/base/src/nsSocketTransportService2.cpp:581 25 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:527 26 xul.dll NS_ProcessNextEvent_P obj-firefox/xpcom/build/nsThreadUtils.cpp:250 27 xul.dll nsThread::ThreadFunc xpcom/threads/nsThread.cpp:254 28 nspr4.dll _PR_NativeRunThread nsprpub/pr/src/threads/combined/pruthr.c:426 29 nspr4.dll pr_root nsprpub/pr/src/md/windows/w95thred.c:122 30 mozcrt19.dll _callthreadstartex obj-firefox/memory/jemalloc/crtsrc/threadex.c:348 31 mozcrt19.dll _threadstartex obj-firefox/memory/jemalloc/crtsrc/threadex.c:326 32 kernel32.dll BaseThreadStart more at http://crash-stats.mozilla.com/report/list?range_value=2&range_unit=weeks&signature=notepad.dll@0x40f7 and http://crash-stats.mozilla.com/query/query?product=Firefox&date=&range_value=1&range_unit=weeks&query_search=signature&query_type=startswith&query=notepad.dll&build_id=&process_type=all&do_query=1 only defense might be to instruct users to check and remove.
looks like it first appeared 12/09/2009 date crashes at notepad.dll 20091201 0 20091202 0 20091203 0 20091204 0 20091205 0 20091206 0 20091207 0 20091208 8 20091209 30 20091210 31 20091211 33 20091212 38 20091213 82 20091214 151 20091215 252 20091216 351 20091217 313 20091218 309
Crash Signature: [@ notepad.dll@0x40f7 ]
Closing old bugs in the Plugins component. We aren't going to track issues in 3rd-party plugins in the Mozilla bug tracker. In addition, support for NPAPI plugins will be removed at the end of this year; for more details see the post at https://blog.mozilla.org/futurereleases/2015/10/08/npapi-plugins-in-firefox/ If there is a serious bug in Firefox, it needs to be filed in the "Core" product, "Plug-Ins" component.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.