840438 - Phishing 18.0.2

Status: RESOLVED WORKSFORME

(Toolkit :: Safe Browsing, defect)

Description

[dr.upal]

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Build ID: 20130201065344

Steps to reproduce:

http://дискавери-онлайн.рф/1999-zolotaya-lihoradka-alyaska-3-sezon-5-seriya.html


Actual results:

Site similar to yandex.ru
Modification popup.

Comment 1

[[:Aleksej]]

Reported to Google through http://www.google.com/safebrowsing/report_phish/?tpl=mozilla

Is there anything Firefox-specific?

Comment 2

[dr.upal]

Fraud Report published several 3-4 hours ago in Google and Yandex.

Specifically to the firefox can not bring any claims, since not know whether it was his problem.

But the behavior is different from the chrome firefox.

In firefox you can not close a tab by clicking on the cross, there is a modified box.

So it was a couple of hours ago.


Superficially resembled home page yandex, but looking at the source code, I found more than 20 frames, one of which was a fake image.

When I tried to close a tab by clicking on the cross floated box.

Normal alert, but it was the text in capital letters.

Viewing the source code, I found the script in which it was the contents of the window.


Did not keep a copy of the page, I thought that it will remain.

It is displayed for hours, I opened it many times.

The essence of the contents of the window that was written by the threat of data loss or data, if you click "OK".

If "OK" is not pressed, and clicking the X to close, it all goes in a circle.

Comment 3

[[:Aleksej]]

OK, for me there were two popups, one which was a new tab imitating vk.com and asking for your phone number.

Окей, у меня появилось два попапа, один из которых был новой вкладкой с фальшивой страницей vk.com, спрашивающей номер телефона.

Comment 4

[Justin Dolske [:Dolske]]

Comment 1 says reported to Google, that's really all that can be done with these kinds of bugs.