Closed Bug 647219 Opened 9 years ago Closed 7 years ago

XP Anti-Virus 2011 infection after visit to http://ebookee.org/Elektor-Electronics-April-2011-UK-_1111405.html

Categories

(Firefox :: General, defect)

x86
macOS
defect
Not set

Tracking

RESOLVED INVALID

People

(Reporter: chofmann, Unassigned)

References

(Blocks 1 open bug)

Details

reported on
> dev-security mailing list
> dev-security@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security


On 3/31/11 9:18 PM, jackalek wrote:
> I've been infected by malware today
> http://www.virustotal.com/file-scan/report.html?id=6272bc38294005a43db2440ed0eede7ac27c8ed67c368accf9b87a5ab52a0b3e-1301630398
> called  XP Anti-Virus 2011
> Avira skipped it - at the time just a few antiviruses detected it.
> How I got it
> FF4 on Windows XP SP3 running with admin rights (I know, stupid)
>
> ran this google search
> http://www.google.co.uk/#sclient=psy&hl=en&q=elektor+download&aq=f&aqi=&aql=&oq=&pbx=1&fp=5f249b55c4d46e3
>  and went to this address
> http://ebookee.org/Elektor-Electronics-April-2011-UK-_1111405.html
> at this stage nothing happens unless you click anywhere on the page
> then a new window pops out
> http://ebookee.org/popular/ebookee.com.html
> after a few seconds I got an alert from Windows security manager telling
> me my firewall is disabled, Firefox has been closed and I got an annoying
> shield with a fake virus scan.
> I went to safe mode and spent a good half hour before manually getting
> rid of this ****, it took ever exe extension in order to run itself
> even in safe mode.
>
> I've tried to run Firefox again in a sandbox but it seems not to trigger
> this infection again.
>
> There was no interaction from my side, just a new window popped and that's
> it.
> Can anyone recreate these steps in order to find a way how this
> bypassed Firefox?
>
> How can I help with the investigation?
> I've got sample of the trojan but don't think this would explain
> possible security breach in firefox.
>
> Regards
> Sam
>

Sam, can you also indicate what versions of plugins you are running? You can find this by typing about:plugins

> firefox has been closed

Can you also check for any recent crash reports?

Type about:crashes in the location bar to see a history of crashes.

If you can paste the crash report ids into this bug.

As requested, list of plugins

http://pastehtml.com/view/1dw9b68.rtxt

about:crashes shows one crash from 2009, which is a pretty old one, so not relevant

Regards,
Sam

Is this report still useable after 2 years?
Flags: needinfo?(chofmann)
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
Flags: needinfo?(chofmann)