Closed Bug 612558 Opened 9 years ago Closed 4 years ago

reports of Trojan-Dropper-Headshot affecting firefox


(External Software Affecting Firefox :: Other, defect)

Not set


(Not tracked)



(Reporter: chofmann, Unassigned)


(Blocks 1 open bug)


"... Brandt further stated that his research team has also found that the malware has added one more interesting installer to its list of infections: a small executable called seupd.exe, which makes two small (but obnoxious) alterations to Firefox.

Brandt adds that, these alterations modifies the behavior of Firefox's search bar, a small box that allows users to send inquiries straight away to the search engines, situated to the right of the Address Bar.

Brandt states that these alterations are not instantly visible unless the user attempts to search Google for some information, with the help of Address Bar or the Search Box. Rather than submitting the user's search keyword to Google, the web browser sends search keywords to one of the six variant domains not owned by Google, but which seem to utilize the Google API to display results and, apparently, earn some ad income.

The alterations append a file named user.js to the presently logged-in user's Firefox profile. Although occurrence of such kind of a is not essentially a signal of infection, in this situation, the user.js file includes instructions that inform the web browser where to send search queries, in case when users has set 'Google' as the default search engine.

Additionally, the Trojan adds a file called google_search.xml into the search plug-ins directory under the Firefox's program files directory, and removes the google.xml file that is usually located there.
Closing old bugs in the Plugins component. We aren't going to track issues in 3rd-party plugins in the Mozilla bug tracker. In addition, support for NPAPI plugins will be removed at the end of this year; for more details see the post at

If there is a serious bug in Firefox, it needs to be filed in the "Core" product, "Plug-Ins" component.
Closed: 4 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.