Closed
Bug 847018
Opened 11 years ago
Closed 11 years ago
Blocklist a fake Flash extension that is in fact a malware
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Toolkit
Blocklist Policy Requests
Tracking
()
RESOLVED
FIXED
People
(Reporter: underpass_bugzilla, Unassigned)
Details
(Whiteboard: [extension])
Attachments
(1 file)
152.70 KB,
application/octet-stream
|
Details |
User Agent: Mozilla/5.0 (X11; Linux i686; rv:20.0) Gecko/20100101 Firefox/20.0 Build ID: 20130227063501 Steps to reproduce: One of my Facebook contacts tagged me in a post leading to this website http://www.xn--47aaeabb.net/ redirecting to http://www.sosyalaghileleri.com/firefox.php It used have a fake Flash video and a notation saying that the Flashplayer installed on the system is obsolete and should be updated. It also provides the link to a fake extension. If you install it, your Facebook account becomes compromised and starts to spread the same link tagging other contacts, harvesting them from the list of your Facebook friends and thus propagating the "infection". I also have a copy of the fake extension (downloaded but not installed) and I can upload it if necessary. The website should be marked as dangerous. The extension should be blocklisted as soon as possible. This malware is increasingly spreading on Facebook in the last few days. Thanks
Comment 1•11 years ago
|
||
The first link redirects me to chrome.php, and nothing on chrome.php or firefox.php seems to work. Can you upload the extension that you mentioned?
Hello, sorry for my late answer. Probably the DNS you are using somehow block the page since I'm perfectly seeing the fake extension download link. Anyway, I'm uploading it. Thanks.
Comment 4•11 years ago
|
||
Well, the add-on linked definitely appears to be malicious. It's name and description are "Adobe Flash Player", and all it does is inject a remote script into every page. The URL for the script doesn't actually work, though. ID: jid0-Y6TVIzs0r7r4xkOogmJPNAGFGBw@jetpack
Comment 5•11 years ago
|
||
This is also on AMO (not masquerading as Flash): https://addons.mozilla.org/addon/sosyal-medya/
Updated•11 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: [extension]
Comment 7•11 years ago
|
||
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i322
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Comment 8•11 years ago
|
||
(In reply to Jorge Villalobos [:jorgev] from comment #7) > Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i322 Typo in "pretending to the the Flash Player plugin."
Comment 9•11 years ago
|
||
(In reply to Scoobidiver from comment #8) > (In reply to Jorge Villalobos [:jorgev] from comment #7) > > Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i322 > Typo in "pretending to the the Flash Player plugin." Fixed, thanks.
Assignee | ||
Updated•8 years ago
|
Product: addons.mozilla.org → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•