Closed Bug 656256 Opened 9 years ago Closed 9 years ago
Virus installed via Google Image Search while using Firefox 4
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Build Identifier: Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 A virus was installed on my computer while browsing images with Google Image Search. This is the first virus infection I've had in five years. This infection occurred within 4 hours of upgrading to Firefox 4.0.1 (from Firefox 3). Reproducible: Always Steps to Reproduce: 1. Go to the following URL and the virus installation attempt should be triggered: http://www.google.com/imgres?imgurl=http://bogarin.blogsome.com/images/nevada2_01.jpeg&imgrefurl=http://www.imprezypodroznicze.pl/wer/natsumi%2520tsuji%2520nevada%2520tan-26446.html&usg=__OELuzsW8EicyTrJXFp7r2OsMr8E=&h=170&w=200&sz=10&hl=en&start=10&zoom=1&tbnid=0VubG1o-X2tOFM:&tbnh=88&tbnw=104&ei=lm_KTb3pBa7QiALJn_SkBg&prev=/search%3Fq%3Dnevada%2Btan%26hl%3Den%26biw%3D1024%26bih%3D614%26gbv%3D2%26tbm%3Disch&itbs=1 If that doesn't work: 1. Go to this URL: http://www.google.com/search?tbm=isch&hl=en&source=hp&biw=1024&bih=614&q=nevada+tan&gbv=2&aq=f&aqi=&aql=&oq= 2. Begin clicking on each of the images and continue doing so until the virus installation is triggered. Actual Results: A very malicious virus was installed on my computer. Expected Results: Firefox should not have allowed this virus installation. There appears to be a security hole in Firefox 4 that allowed for this. I'm using Windows XP Professional SP3 The virus installs and begins its malicious activity almost immediately after clicking to view the image. Avira Antivirus was able to detect and block some of the virus' activity. However, the virus was still able to render the computer virtually useless and a system restore was required.
What plugins do you have installed (and versions)? You can find this information by going to https://www.mozilla.com/en-US/plugincheck/
Google image search has become notorious for linking to malware sites recently. The ones we've seen have all used exploit packs that focus on plugin vulnerabilities. hard to say what was actually used when you hit the search because the results change constantly.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.