Bug 713050 - Malicious "Free Cheesecake Factory" Add-On

Status: RESOLVED FIXED
Whiteboard: [extension][hardblock]
Product: Toolkit
Classification: Components
Component: Blocklisting
Version: unspecified
Hardware: All
OS: All
Priority: --
Severity: normal
Target Milestone: ---
Assigned To: Justin Scott [:fligtar]
QA Contact: Jorge Villalobos [:jorgev]
URL: http://www.hyphenet.com/blog/2011/12/...
Reported: 2011-12-22 11:40 PST by MarkH
Modified: 2016-03-07 15:30 PST
Description MarkH 2011-12-22 11:40:03 PST
Created attachment 583881 [details]
malicious_addon.zip

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7

Steps to reproduce:

The third-party add-on "Free Cheesecake Factory" is malicious and is actively generating spam on Facebook. It steals the user's browser cookies for Facebook and sends out numerous messages on the user's behalf. It also takes actions to hide its activity by injecting an overlay image into the DOM when the user attempts to view their news feed in Facebook. The malicious plugin and the JS files it loads remotely are attached.

Actual results:

Installed the malicious "Free Cheesecake Factory" add-on and it resulted in spam being posted to a Facebook account.
Comment 1 Jorge Villalobos [:jorgev] 2011-12-22 12:16:56 PST
Id: youtube@youtube2.com
Comment 2 Justin Scott [:fligtar] 2011-12-22 12:19:02 PST
UUID youtube@youtube2.com
Comment 3 Justin Scott [:fligtar] 2011-12-22 12:19:37 PST
yes, I midaired you and didn't care :p
Comment 4 Justin Scott [:fligtar] 2011-12-22 13:13:05 PST
Blocked in production.

https://addons.mozilla.org/en-US/firefox/blocked/i47
Comment 5 Justin Scott [:fligtar] 2011-12-29 19:56:11 PST
Yikes, this add-on had 600,000 users and was growing about 50,000 per day until it was blocked.
Comment 6 Justin Scott [:fligtar] 2012-01-19 21:14:46 PST
Please file these bugs in Blocklisting component in the future.