Closed Bug 723753 Opened 11 years ago Closed 11 years ago

Malicious "Video Extension" add-on

Categories

(Toolkit :: Blocklist Policy Requests, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: mhammell, Assigned: jorgev)

References

Details

Attachments

(1 file)

32.28 KB, application/octet-stream
Details
Attached file 20120203 chistesrd.zip
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.77 Safari/535.7

Steps to reproduce:

Downloaded an add-on from http://chistesrd.com/oso/queryf.xpi


Actual results:

Injects http://chistesrd.com/s.js ->
http://chistesrd.com/t/estra.js

estra.js:
injects http://chistesrd.com/16/videozer.html as an <iframe>
injcets http://chistesrd.com/t/new.js

new.js:

steals your Facebook cookies and friends list

Sends likes for Facebook page "256388957767782"

Injects http://howiludie.info/final3.php as an <iframe>

Has you post links to http://video-chicas.bligoo.com.pe/', 'http://video-chicas.bligoo.com.ve/

Uses the bit.ly API creds to create a custom bit.ly URL for the spam.

Grabs your mobile upload address and sends it to 
http://allinfree.net/geti.php?mid

Spams your Facebook friends via
/ajax/profile/composer.php
/ajax/events/permalink/join.php
/ajax/events/invite/send/
/ajax/chat/send.php

Geo-locates you via http://j.maxmind.com/app/geoip.js

Injects a who.amung.us img tag of fmr0hckeuh74


Expected results:

It should not steal your Facebook information and cookies to send spam to your Facebook friends without your consent.
<em:id>youtb3@youtb3.com</em:id>
Assignee: nobody → jorge
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
https://addons.mozilla.org/en-US/firefox/blocked/i60
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.