Last Comment Bug 723753 - Malicious "Video Extension" add-on
: Malicious "Video Extension" add-on
Status: RESOLVED FIXED
:
Product: Toolkit
Classification: Components
Component: Blocklisting (show other bugs)
: unspecified
: All All
: -- normal (vote)
: ---
Assigned To: Jorge Villalobos [:jorgev]
:
:
Mentors:
: 724669 732540 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-02-02 16:03 PST by MarkH
Modified: 2016-03-07 15:30 PST (History)
4 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
20120203 chistesrd.zip (32.28 KB, application/octet-stream)
2012-02-02 16:03 PST, MarkH
no flags Details

Description MarkH 2012-02-02 16:03:13 PST
Created attachment 593998 [details]
20120203 chistesrd.zip

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.77 Safari/535.7

Steps to reproduce:

Downloaded an add-on from http://chistesrd.com/oso/queryf.xpi


Actual results:

Injects http://chistesrd.com/s.js ->
http://chistesrd.com/t/estra.js

estra.js:
injects http://chistesrd.com/16/videozer.html as an <iframe>
injcets http://chistesrd.com/t/new.js

new.js:

steals your Facebook cookies and friends list

Sends likes for Facebook page "256388957767782"

Injects http://howiludie.info/final3.php as an <iframe>

Has you post links to http://video-chicas.bligoo.com.pe/', 'http://video-chicas.bligoo.com.ve/

Uses the bit.ly API creds to create a custom bit.ly URL for the spam.

Grabs your mobile upload address and sends it to 
http://allinfree.net/geti.php?mid

Spams your Facebook friends via
/ajax/profile/composer.php
/ajax/events/permalink/join.php
/ajax/events/invite/send/
/ajax/chat/send.php

Geo-locates you via http://j.maxmind.com/app/geoip.js

Injects a who.amung.us img tag of fmr0hckeuh74


Expected results:

It should not steal your Facebook information and cookies to send spam to your Facebook friends without your consent.
Comment 1 Jorge Villalobos [:jorgev] 2012-02-02 16:28:33 PST
<em:id>youtb3@youtb3.com</em:id>
Comment 2 Jorge Villalobos [:jorgev] 2012-02-02 16:39:25 PST
https://addons.mozilla.org/en-US/firefox/blocked/i60
Comment 3 Jorge Villalobos [:jorgev] 2012-02-06 14:45:06 PST
*** Bug 724669 has been marked as a duplicate of this bug. ***
Comment 4 Jorge Villalobos [:jorgev] 2012-03-02 12:41:00 PST
*** Bug 732540 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.