Last Comment Bug 713050 - Malicious "Free Cheesecake Factory" Add-On
: Malicious "Free Cheesecake Factory" Add-On
Status: RESOLVED FIXED
[extension][hardblock]
:
Product: Toolkit
Classification: Components
Component: Blocklisting (show other bugs)
: unspecified
: All All
: -- normal (vote)
: ---
Assigned To: Justin Scott [:fligtar]
:
Mentors:
http://www.hyphenet.com/blog/2011/12/...
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-12-22 11:40 PST by MarkH
Modified: 2016-03-07 15:30 PST (History)
6 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description MarkH 2011-12-22 11:40:03 PST
Created attachment 583881 [details]
malicious_addon.zip

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7

Steps to reproduce:

The third-party add-on "Free Cheesecake Factory" is malicious is actively generating spam on Facebook.  It steals the user's browser cookies for Facebook and sends out numerous messages on the users behalf.  It also takes actions to hide its activity by injecting an overlay image into the DOM when the user attempts to view their news feed in Facebook.  The malicious plugin and the JS files it loads remotely are attached.



Actual results:

Installed the malicious "Free Cheesecake Factory" add-on and it resulting in spam being posted to a Facebook account.
Comment 1 Jorge Villalobos [:jorgev] 2011-12-22 12:16:56 PST
Id: youtube@youtube2.com
Comment 2 Justin Scott [:fligtar] 2011-12-22 12:19:02 PST
UUID youtube@youtube2.com
Comment 3 Justin Scott [:fligtar] 2011-12-22 12:19:37 PST
yes, I midaired you and didn't care :p
Comment 4 Justin Scott [:fligtar] 2011-12-22 13:13:05 PST
Blocked in production.

https://addons.mozilla.org/en-US/firefox/blocked/i47
Comment 5 Justin Scott [:fligtar] 2011-12-29 19:56:11 PST
Yikes, this add-on had 600,000 users and was growing about 50,000 per day until it was blocked.
Comment 6 Justin Scott [:fligtar] 2012-01-19 21:14:46 PST
Please file these bugs in Blocklisting component in the future.

Note You need to log in before you can comment on or make changes to this bug.