Created attachment 593191
20120131 divx.zip

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.77 Safari/535.7

Steps to reproduce:

Installed an add-on from http://126.96.36.199/~install/usa/divx.xpi

Actual results:

The update URL embedded in the Firefox version points to http://brownizze.info/test/update.rdf

The add-on injects youtube.js from the add-on into every page's DOM
That injects http://108.163.161/[.]66/~install/usa/script.js
... which injects http://choosingright/[.]info/extrapost.js
... which injects http://choosingright/[.]info/function.js

Function.js picks at random from an array of blog URLs

blogs = 'http://jsoiwwwenernw633.blogspot.com/?';
//blogs = 'http://apps.facebook.com/wdegwbsaweins/?';
//blogs = 'http://apps.facebook.com/evwiousnasa/?';
//blogs = 'http://apps.facebook.com/sdweonasn/?';

It then grabs all of your friends via http://www.facebook.com/ajax/typeahead/first_degree.php

It then posts a like of the URL chosen earlier with a comment of "REDICULOUS HAVE Y0U LOOKED AT THIS? @<friend_name> @<friend_name2>…", which will send a notification to each friend that they were mentioned in a comment and encourage them to click on the URL.

Expected results:

It should not steal your Facebook cookies and send likes to Facebook without your consent.
<em:id>email@example.com</em:id>
<em:creator>YOU</em:creator>

Funny.
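For triaging a sample like the one reported in this bug, the following added example (not code from the bug or from Mozilla) reads the legacy install.rdf fields quoted above and reports a custom or insecure em:updateURL, plus packaged scripts that load remote JavaScript. The sample XPI, its example.invalid hosts and all function names are constructed for illustration.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

EM = "{http://www.mozilla.org/2004/em-rdf#}"
RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"
MAX_ENTRY = 2 * 1024 * 1024  # skip oversized entries in an untrusted archive
# Heuristic: .src = "http..." or setAttribute("src", "http...") in packaged JS
REMOTE_SRC = re.compile(r"""src['"]?\s*[,=]\s*['"](https?://[^'"]+)""")

def manifest_fields(rdf_bytes):  # id, creator, updateURL, updateKey of the manifest
    if b"<!DOCTYPE" in rdf_bytes or b"<!ENTITY" in rdf_bytes:
        raise ValueError("DTD in install.rdf refused (entity expansion risk)")
    for desc in ET.fromstring(rdf_bytes).iter(RDF + "Description"):
        if (desc.get(RDF + "about") or desc.get("about")) == "urn:mozilla:install-manifest":
            break
    else:
        raise ValueError("no install manifest found")
    fields = {}
    for name in ("id", "creator", "updateURL", "updateKey"):
        child = desc.find(EM + name)  # property as element, else as attribute
        value = child.text if child is not None else desc.get(EM + name)
        fields[name] = (value or "").strip() or None
    return fields

def triage_xpi(xpi_bytes):  # returns (manifest fields, findings) for an in-memory XPI
    findings = []
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as xpi:
        fields = manifest_fields(xpi.read("install.rdf"))
        if url := fields["updateURL"]:  # updates are served by a host the author picked
            weak = urlparse(url).scheme != "https" and not fields["updateKey"]
            findings.append(("insecure-update-url" if weak else "custom-update-url", url))
        for info in xpi.infolist():
            if info.filename.endswith(".js") and info.file_size <= MAX_ENTRY:
                text = xpi.read(info).decode("utf-8", "replace")
                findings += [("remote-script-load", f"{info.filename}: {m[1]}") for m in REMOTE_SRC.finditer(text)]
    return fields, findings

def build_sample_xpi():
    """Constructed sample with placeholder hosts; not the add-on from this bug."""
    rdf = ('<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#">'
           '<Description about="urn:mozilla:install-manifest"><em:id>sample@example.invalid</em:id>'
           '<em:updateURL>http://updates.example.invalid/update.rdf</em:updateURL></Description></RDF>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("install.rdf", rdf)
        z.writestr("content/youtube.js", 's = document.createElement("script");\ns.src = "http://cdn.example.invalid/script.js";')
    return buf.getvalue()
```

The remote-script check is a string heuristic over packaged files only; scripts fetched at runtime by an injected loader, as in the chain described in this report, have to be followed separately.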
Assignee: nobody → jorge
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED