ez-download.com bundles malware with Firefox

RESOLVED FIXED

Status

Marketing
P3
major
RESOLVED FIXED
5 years ago
a year ago

People

(Reporter: tanner, Assigned: liz)

Tracking

Details

(Whiteboard: awaiting response from Google, URL)

(Reporter)

Description

5 years ago
My sister had this on her computer, I saw she downloaded it from this site. Re-ran the installer after I cleaned everything off. Screenshots: http://imgur.com/a/Euucu#0 Sorry about cutting the bottom off, all that was really removed was the "Accept" and "Decline" buttons.

VirusTotal: https://www.virustotal.com/file/6f968a9ec9c59e0db8476381b6310d023deac0f590347622f3320a8791c15953/analysis/1360280396/
(Assignee)

Comment 1

5 years ago
We've received several complaints about this site. I've asked outside counsel to handle it.
Status: NEW → ASSIGNED
Priority: -- → P3
Whiteboard: under legal review
Received another complaint about this site today on IRC. Any progress?

Comment 3

5 years ago
I did a Google search for "Firefox", and an ez-download ad shows top of the page! 
http://tinypic.com/r/21j13tf/5

Should this be reported to Google AdWords? I'm concerned about the number of people who will be mislead into trusting ez-download instead of Mozilla.
Yeah - bumping this. 

In Canada, this is still a big problem. I just got a notification that for most people who don't have ad-blockers, this shows up on Google search *before* actual Mozilla download link, so many new end-users will go there instead.

And it's still mal-waring people: http://forums.cnet.com/7723-6620_102-580639/firefox-download-contained-a-trojan/ and http://www.webroot.com/blog/2013/06/24/rogue-free-mozilla-firefox-download-ads-lead-to-installcore-potentially-unwanted-application-pua/

Would be good to deal with this before it gets bigger, and general public starts equating Firefox with trojans...
Flags: needinfo?(liz)
A friend of mine in the Attorney General's Office of Washington State called me this afternoon about finding malware in Firefox.  He was embarrassed when I pointed out that he was duped by a fake site.  As it appears at the top of Google search listings when looking for "Firefox", surely we must at least have recourse through Google...
(Reporter)

Comment 6

4 years ago
Any news? People are complaining about this, and other sites on a Reddit. The first result for Firefox is an installer bundled with adwarehttp://www.reddit.com/r/firefox/comments/1xu18b/googles_first_ad_for_firefox_is_adware/?sort=confidence.
(Assignee)

Comment 7

4 years ago
Our outside counsel has been in touch with outside counsel for the company behind this distribution. They have made changes to the installer to make it clearer the other software is separate from Firefox and does not have to be downloaded. While this doesn't help most people who just keep clicking through without paying attention, it means there isn't much we can do legally. I've submitted a request to Google that they not accept these ads. I haven't heard back yet, but I suspect Google will not agree to that request. I'll let you know what I hear back from them.
Flags: needinfo?(liz)
Whiteboard: under legal review → awaiting response from Google
(Assignee)

Comment 8

4 years ago
I've sent Google a follow-up email since I haven't heard back from them yet.

Comment 9

4 years ago
A search today shows three ads:
firefox.imadownload.com/‎
mozilla-firefox.ez-download.com/‎
www.firefox.browser-download.com/‎

Of course, the ads appear before www.mozilla.org.

I have no idea whether these have malware, but it's hard to imagine paying for these ads unless there's a charge or they're bundled with _something_.  Since you all classify flagrant abuse as P3, I'm not going to bother filing a bug report.  I'll leave it to paid personnel.

Comment 10

4 years ago
How on earth is this still an issue??? Searching for Firefox brings up Malware for the first hit while searching Chrome returns all valid links back to Google's own site or known sites like Wikipedia. How can this possibly not be completely and utterly deliberate on Google's behalf?? Google claims "no evil" but there is no question this is evil. I just wasted 4 hours reinstalling my PC from scratch yesterday because I clicked on this link too quickly. I even cancelled at the very first screen of the install but it was too late. This wasn't the more harmless thing of installing a useless toolbar, this was malicious malware that installs without consent.
This is the first result (albeit "ad") on Google when you search for "firefox"!

    https://www.google.com/search?q=firefox

    http://f.cl.ly/items/1b3O0T3m2X2U063w002m/Screen%20Shot%202014-06-01%20at%2012.46.24%20AM.png

> I installed Firefox on my work laptop today and all this other crap got installed with it (see the list of "Installed on 5/25/2014" programs below).  Is this now a normal load for Firefox or did I grab it from a poor link?  I did not go to Mozilla.com.  I Googled Firefox and clicked on the top hit which may have been a third party that tagged a bunch of crap into the install.  Once installed, I had all kinds of pop-up screens going on until I stripped them out except the two Mozilla programs and the Visual C++ program.  Does Firefox need Visual C++?

    http://f.cl.ly/items/0D131u0Q2w192w2G0B1P/Firefox%20Install%20May-25-2014.png

Any progress here?
(Assignee)

Comment 12

4 years ago
We're trying to figure out the best approach to take with Google to try get them to stop accepting these ads.
(Assignee)

Comment 13

4 years ago
Tomcat is checking out the builds more thoroughly so we know exactly what's being distributed and what modifications have been made. We're also consulting with outside counsel on options. This isn't a legal bug so we can't say much here about legal strategy, but we aren't ignoring this situation and are working on it.

Comment 14

4 years ago
This problem has NOT been corrected.

The installer doesnt even install firefox.
It installs virii even if you decline everything.

It is not legal to install keyloggers/trojans/botnets when you pretend its a toolbar, even if it has a decline button.

you cannot steal credit card info even if you have an accept/decline button (are you stupid?)

did anyone ever scan this file on virustotal? you can actually see what the exe does
keyboard/mouse hooks...  device modification codes (rootkit)... mountpoint modification

ive been bitching at google for days about this, now they tell me that this is OK with you, so theres nothing anyone can do about it.

you need to tell google to remove it. period.
its a violation of your copyright because it is not an authorized distro because it violates the TOS
you need to tell google to remove it. period.

im **** at google, ezdownload, and firefox for allowing hundreds of thousands of virii to be distributed

you all must be stupid.
Comment hidden (advocacy)
Comment hidden (abuse)
Comment hidden (abuse)
Comment hidden (abuse)
Comment hidden (abuse)
Comment hidden (abuse)
Comment hidden (abuse)
Comment hidden (abuse)
Comment hidden (advocacy)

Comment 24

4 years ago
this virus is still there, after seven months, because firefox said its okay to leave it there
bob, settle down please. 1 comment is enough. We are working on this and waiting on a response from google. Obviously we aren't happy about this either, but we are limited in what we can do here.

Comment 26

4 years ago
the only possible legal response from google is to take it down.
you arent so limited that you cant demand it to be taken down on legal grounds

its been seven months, i am NOT IMPATIENT
i have a right to be angry because i was infected through your negligence

you should expect viruses on top of these insults because thats what you gave me

Comment 27

3 years ago
Hi, I'd like like to bump this, my mother and her coworker just ran into this same bug when the coworker tried to download firefox on their new computers from the ez-download link, which was still the first thing to show up on a google search for firefox (as an ad, of course). Completely crashed both of their computers (all the other things were declined, it was just the firefox from ez-download).

Is there any update on the situation with google?
(Assignee)

Comment 28

a year ago
Sorry for not updating this bug, but this was resolved quite awhile ago.
Status: ASSIGNED → RESOLVED
Last Resolved: a year ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.