Closed Bug 952717 Opened 11 years ago Closed 11 years ago

Blocklist Webexp Enhanced

Categories

(Toolkit :: Blocklist Policy Requests, defect)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED
Milestone:
2014-01-14

People

(Reporter: feer56, Assigned: jorgev)

Details

Users are reporting "Webexp Enhanced" that is trying to silently install. I also just got this to. about:support info: Webexp Enhanced 1.1 false ext@WebexpEnhancedV1alpha766.net
Support forum thread on this: https://support.mozilla.org/questions/981080 "Webexp Enhanced V1" malware included in Firefox 26.0?
The report mentions ext@WebexpEnhancedV1alpha8264.net and also mentions the about:new-addon page specifically. So, it doesn't look like we have silent install, but we do have random IDs and general user rejection. Kris, can you find other IDs in use for this add-on?
Flags: needinfo?(kmaglione+bmo)
There are a lot of them. They all seem to be of the form /ext@WebexpEnhancedV1alpha\d+.net/
Flags: needinfo?(kmaglione+bmo)
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i535
Assignee: nobody → jorge
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2014-01-14
Verified as fixed in https://addons.mozilla.org/en-US/firefox/blocked/i535 on FF26 (Win 7). Closing bug.
Status: RESOLVED → VERIFIED
This is not fixed. The block doesn't work; it's still there in the extensions list without a delete button and I'm still having problems with it. The hyperlinks generated by webexp enhanced are even showing up on your "Verified as fixed" page. This bug is not resolved.
I'm attempting to resolve this myself. I will follow up with what I find. So far I've discovered that this malware is originating with a company called "Media Mind". Their web address is http://bs.serving-sys.com/. If I have to show up at the offices of "Media Mind" with a baseball bat in order to resolve this problem then I guess I'll be resolving this problem Joe Pesci style.
Flags: needinfo?(rfmcphalen)
Media Mind redirects to http://www.sizmek.com/ On the sizmek.com website (at the very bottom) is a link to "Opt-Out" of having their malicious software grab your cookies & drop advertisements into your browser (which doesn't appear to stop the ads). They're registered through network solutions.
Flags: needinfo?(jorge)
(In reply to Robert McPhalen from comment #6) > This is not fixed. The block doesn't work; it's still there in the > extensions list without a delete button and I'm still having problems with > it. The hyperlinks generated by webexp enhanced are even showing up on your > "Verified as fixed" page. This bug is not resolved. Blocked extensions aren't deleted, they are just disabled. However, it's also possible that you have the same extension installed but with a different ID. If you open about:support, there's a list of installed extensions there. If you can post that here we can figure out if it's the same problem or something else. And, as much as I appreciate Joe Pesci references, this is a public site, so please refrain from making comments that could be interpreted as threats.
Flags: needinfo?(jorge)
(In reply to Jorge Villalobos [:jorgev] from comment #9) > (In reply to Robert McPhalen from comment #6) > > This is not fixed. The block doesn't work; it's still there in the > > extensions list without a delete button and I'm still having problems with > > it. The hyperlinks generated by webexp enhanced are even showing up on your > > "Verified as fixed" page. This bug is not resolved. > > Blocked extensions aren't deleted, they are just disabled. However, it's > also possible that you have the same extension installed but with a > different ID. If you open about:support, there's a list of installed > extensions there. If you can post that here we can figure out if it's the > same problem or something else. > > And, as much as I appreciate Joe Pesci references, this is a public site, so > please refrain from making comments that could be interpreted as threats. Thank you for the info - I will continue looking into it and will post my findings here. Sorry about the Joe Pesci reference. I'll keep all future posts on topic.
Flags: needinfo?(rfmcphalen)
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.