Malicious "emotimania" add-on

VERIFIED FIXED in 2013-06-20

Status

()

Toolkit
Blocklisting
VERIFIED FIXED
5 years ago
2 years ago

People

(Reporter: MarkH, Assigned: jorgev)

Tracking

unspecified
2013-06-20
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

31.08 KB, application/octet-stream
Details
(Reporter)

Description

5 years ago
Created attachment 649673 [details]
20120807_emotimania_firefox.zip

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.57 Safari/537.1

Steps to reproduce:

Downloaded add-on from www.emotimania/plugin/memes/plugin_meme2.xpi


Actual results:

Loads memeplugin.js from the addon container

memeplugin.js:
defines a bunch of JS to do DOM/CSS manipulation
injects http://www.emotimania.com/memes/plugin/memeplugin.js

memeplugin.js (remote copy):
packed JS
inserts a whos.amung.us tag
inserts a Google Analytics tag (acct: UA-17000707-8)
injects 
http://www.emotimania.com/plugin/4dTgkd.js
http://www.emotimania.com/plugin/h4dfaK.js

4dTgkd.js:
Swaps out ads that are hosted via iframe with ads hosted on
http://www.mimejoorfrase.com/ad.php

h4dfaK.js:
Injects an ad iframe pointing to http://ad.foxnetworks.com/st?ad_type=iframe&ad_size=728x90&section=3129889&pub_url=mimejoorfrase.com
It looks for a specific set of sites to inject on (incl. Facebook), most in the list are Spanish language sites.


Expected results:

It should not inject ads or replace ads on the sites a user visits, without their knowledge.
(Assignee)

Comment 1

5 years ago
The id had already been blocked (https://addons.mozilla.org/en-US/firefox/blocked/i115), but the wrong block level was set, so that's probably the reason it wasn't working correctly.

Fixed now.
Assignee: nobody → jorge
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
(Assignee)

Updated

5 years ago
Target Milestone: --- → 2013-06-20

Comment 2

5 years ago
Verified as fixed in https://addons.mozilla.org/ on FF21 (Win 7).
The add-on has been blocked.
Closing bug.
Status: RESOLVED → VERIFIED
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.