Closed Bug 974041 Opened 11 years ago Closed 11 years ago

Malicious addon "Extension_Protected" needs blocklisting

Categories

(Toolkit :: Blocklist Policy Requests, defect)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED
Milestone:
2014-02-25

People

(Reporter: mhammell, Assigned: jorgev)

References

Details

Attachments

(1 file)

malicious_addon_sample.zip
224.10 KB, application/octet-stream
Details
Hello, The attached zip contains a sample of a malicious addon. It hijacks a victim's Facebook account and sends spam to their friends. Thanks! Facebook Security MD5: 15edbd619f534458b0d10c96b4594532
Password on the attachment is 'infected'.
There are two extension at play here. One is jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack, which is the one reported, and that is certainly malicious, force-enabling disabled extensions and forcing a new tab URL. The other is lightningnewtab@gmail.com, which is the one the first extension tries to keep enabled, which appears to also be unwanted and silently installed. That one I think should only be soft-blocked.
Assignee: nobody → jorge
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Target Milestone: --- → 2014-02-25
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i552 https://addons.mozilla.org/en-US/firefox/blocked/i554
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Verified as fixed in https://addons.mozilla.org/en-US/firefox/blocked/i552 https://addons.mozilla.org/en-US/firefox/blocked/i554 on FF27 (Win 7). Closing bug.
Status: RESOLVED → VERIFIED
Blocks: 1011286
Blocks: 1011316
Blocks: 1031099
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: