Ransomware locks Firefox tab, uses onbeforeunload and catchControlKeys

RESOLVED DUPLICATE of bug 636374

Status

()

Firefox
Security
--
major
RESOLVED DUPLICATE of bug 636374
5 years ago
4 years ago

People

(Reporter: John99, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(3 attachments)

Created attachment 8351469 [details]
HTML from the site -YОUR BRОWSЕR HАS BЕЕN LОCKЕD-.html

Filing from this Sumo thread https://support.mozilla.org/en-US/questions/981475

Clicking on http://v886341.com will load a ransomware page locking that tab.
This is a known problem see for example
(European Police)  www.polfed-fedpol.be/crim/crim_fccu_ransomware_fr.php [pdf_eCops_ransomware_FR.pdf] 
http://techfruit.com/2013/12/12/europol-ec3-scam-targeting-unsuspecting-internet-users/ 

It appears this exploits use of onbeforeunload and catchControlKeys with users no longer being able to easily disable JS

Updated

5 years ago
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 616853
(Reporter)

Comment 2

5 years ago
Created attachment 8351497 [details]
Screenshot of threat & Money demands

This is demanding money, stating files are encrypted. The lock effect is still seen in other tabs
(Reporter)

Comment 3

5 years ago
Created attachment 8351499 [details]
Dialogue does not close Firefox is locked
(Reporter)

Comment 4

5 years ago
Thanks to Dave Garrett it appears this is being escalated. 

( Dave Garrett from  bug 616853 comment 27    {https://bugzilla.mozilla.org/show_bug.cgi?id=616853#c27} )
> According to bug 953147 we've got in the wild scam pages exploiting this to
> make pseudo-ransomware:
> http://techfruit.com/2013/12/12/europol-ec3-scam-targeting-unsuspecting-
> internet-users/
> 
> This should probably be bumped up in priority. Who needs to get poked to get
> someone to focus on this now? CCing and needinfoing Gijs or bzbarsky due to
> working on bug 950336 and Jesse due to filing bug 578828 (the alternate
> route to dealing with this). (not sure who to ask, so please needinfo
> someone more appropriate if needed)

I will leave this to the original bug reports. 

This annoying variant is engineered to need over 70 clicks before it will close. Whereupon it is likely to reload on Firefox restarting again

And clickable links of European Police links leading to a Police pdf download about this issue
1 Europol Cybercrime  https://www.europol.europa.eu/content/report-cybercrime-online
2 EC3 (European Cyber Crime Centre) https://www.europol.europa.eu/content/report-cybercrime-online
3 Belgium police PDF currently downloads from this page https://www.ecops.be/webforms/Default.aspx?Lang=EN
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
(Reporter)

Updated

5 years ago
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 years ago5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 616853
Attachment #8351469 - Attachment mime type: text/html → text/plain
This looks the same as bug 931987, and so is also a dupe of bug 636374. (And should be fixed with the current Firefox 27 release.)
Duplicate of bug: 636374
You need to log in before you can comment on or make changes to this bug.