Closed Bug 953147 Opened 11 years ago Closed 11 years ago

Ransomware locks Firefox tab, uses onbeforeunload and catchControlKeys

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 636374

People

(Reporter: John99, Unassigned)

References

(
URL
)

Details

Attachments

(3 files)

HTML from the site -YОUR BRОWSЕR HАS BЕЕN LОCKЕD-.html
42.51 KB, text/plain
Details
Screenshot of threat & Money demands
206.63 KB, image/png
Details
Dialogue does not close Firefox is locked
79.37 KB, image/png
Details 
Filing from this Sumo thread https://support.mozilla.org/en-US/questions/981475

Clicking on http://v886341.com will load a ransomware page locking that tab.
This is a known problem see for example
(European Police)  www.polfed-fedpol.be/crim/crim_fccu_ransomware_fr.php [pdf_eCops_ransomware_FR.pdf] 
http://techfruit.com/2013/12/12/europol-ec3-scam-targeting-unsuspecting-internet-users/ 

It appears this exploits use of onbeforeunload and catchControlKeys with users no longer being able to easily disable JS
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
This is demanding money, stating files are encrypted. The lock effect is still seen in other tabs
Thanks to Dave Garrett it appears this is being escalated. 

( Dave Garrett from  bug 616853 comment 27    {https://bugzilla.mozilla.org/show_bug.cgi?id=616853#c27} )
> According to bug 953147 we've got in the wild scam pages exploiting this to
> make pseudo-ransomware:
> http://techfruit.com/2013/12/12/europol-ec3-scam-targeting-unsuspecting-
> internet-users/
> 
> This should probably be bumped up in priority. Who needs to get poked to get
> someone to focus on this now? CCing and needinfoing Gijs or bzbarsky due to
> working on bug 950336 and Jesse due to filing bug 578828 (the alternate
> route to dealing with this). (not sure who to ask, so please needinfo
> someone more appropriate if needed)

I will leave this to the original bug reports. 

This annoying variant is engineered to need over 70 clicks before it will close. Whereupon it is likely to reload on Firefox restarting again

And clickable links of European Police links leading to a Police pdf download about this issue
1 Europol Cybercrime  https://www.europol.europa.eu/content/report-cybercrime-online
2 EC3 (European Cyber Crime Centre) https://www.europol.europa.eu/content/report-cybercrime-online
3 Belgium police PDF currently downloads from this page https://www.ecops.be/webforms/Default.aspx?Lang=EN
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago11 years ago
Resolution: --- → DUPLICATE
Attachment #8351469 - Attachment mime type: text/html → text/plain
This looks the same as bug 931987, and so is also a dupe of bug 636374. (And should be fixed with the current Firefox 27 release.)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: