Closed Bug 702567 Opened 13 years ago Closed 12 years ago

Proxy changing in all browsers without user consent by malware!

Categories

(Toolkit :: Safe Browsing, defect)

Product:
Toolkit
Component:
Safe Browsing
Version:
8 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: sheik.it52, Unassigned)

Details

Attachments

(1 file)

proxy changing without user consent in firefox by malware.doc
73.00 KB, application/octet-stream
Details
User Agent: Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0 Build ID: 20111104165243 Steps to reproduce: Malware sample: MD5: 466688E7B5849F4BED92F98B4F99042A SHA1: 46167CBB9D1C37497B1C0CF87877D945D9D26C83 VT results for the file- http://www.virustotal.com/file-scan/report.html?id=9a3424836e5798698c5b50f1872846cddb041f391d228dc2f4d8cce722b2d55c-1315893017 I executed this sample as part of my research! Actual results: This malware change the automatic proxy config url without user consent! http://micro.asfsecure.com/kb971033.php The link is not active. But previously visited records states that script which redirect to fake banking site instead of legit one (sites mentioned in the script). Expected results: I feel it might be a vulnerability which helps malware to do this! It should asks user whether to change proxy or not? Then it can be avoided!
We use the google service for phishing protection and you have to report sites to google and not here in bugzilla
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → INVALID
Actually, my point is not just about phishing protection, it changes proxy config url without any user consent. Its okay! Thanks for your comment!
If you executed malware locally, you are lost. we have no way to stop the malware changing the proxy settings.
Good!
locally executed malware can do everything that the user Account under which it runs can do.It could for example replace Firefox with Google Chrome and there is nothing that we can do about this.
Yes, i observed this in all the top browsers... I reported this long back... (2011-11-15 03:36:11 PST)... I agree, not only firefox, chrome also states the same that they couldn't fix it!
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: