Last Comment Bug 714221 - Malicious "Youtube Speed UP!" Add-On
: Malicious "Youtube Speed UP!" Add-On
Status: RESOLVED FIXED
:
Product: Toolkit
Classification: Components
Component: Blocklisting (show other bugs)
: unspecified
: All All
: -- normal (vote)
: ---
Assigned To: Justin Scott [:fligtar]
:
: Jorge Villalobos [:jorgev]
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-12-29 19:33 PST by MarkH
Modified: 2016-03-07 15:30 PST (History)
4 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description MarkH 2011-12-29 19:33:24 PST
Created attachment 584906 [details]
youtube.xpi

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7

Steps to reproduce:

A malicious add-on, named "Youtube Speed UP!" is being served to Facebook users via a fake YouTube page.  The add-on sends spam to a user's Facebook friends by stealing their browser cookies.

This is similar to the "Free Cheesecake Factory" add-on we reported last week.


Actual results:

Installed add-on, spam sent from the victim's Facebook account.


Expected results:

No spam.
Comment 1 Justin Scott [:fligtar] 2011-12-29 19:49:00 PST
Blocked in prod. Thanks.

guid: admin@youtubespeedup.com
Comment 2 Justin Scott [:fligtar] 2011-12-29 19:51:40 PST
FYI, as of yesterday this add-on had 558 users. It first appeared in the wild 3 days ago.

Note You need to log in before you can comment on or make changes to this bug.