Closed Bug 979856 Opened 11 years ago Closed 10 years ago

Bypassing addon installation [Trusted Shopper Adware]

Categories

(Toolkit :: Blocklist Policy Requests, defect)

x86
Windows 7
defect
Not set
normal

Tracking

()

RESOLVED FIXED
2014-08

People

(Reporter: toadyshadow101, Assigned: jorgev)

Details

(Whiteboard: [qa-])

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:27.0) Gecko/39237369 Firefox/27.0 (Nightly/Aurora) Build ID: 20140217134052 Steps to reproduce: Program installer origin unknown it was packaged in a shark007 codec pack for windows 7. The item TrustedShopper firefox addon by TrustedWeb produced by squeakychocolate (Malicious Adware) Actual results: This addon is part of trusted shopper adware that targets ie, firefox, chrome, safari & opera, It overlays ad's across the entire content area of the browser and for each tab open. The firefox addon component bypasses standard addon installation alerts (No messages, Prompts or Notifications of its installation into firefox) only visible sign is every browser tab hijacked with ad's I recommend add to block list hard and soft, It also utilizes the update mechanisms through there own hosting with a constant changing GUID. Attached you will find 80% of the programs registry entries, Screen shot of its installed .dll files and the trusted shopper xpi Unfortunately i can not recovery of any further information from the affected PC as its been wiped clean. Expected results: A form of notification should have alerted the user of an addon installation. Should have been blocked by a security measure.
Group: core-security
Component: Untriaged → Blocklisting
Product: Firefox → addons.mozilla.org
Version: 27 Branch → unspecified
<em:id>jid1-bKSXgRwy1UQeRA@jetpack</em:id> <em:version>2.0.1</em:version> <em:name>TrustedShopper</em:name> <em:description>Coupons and deals to help you get the best deals!</em:description> <em:creator>TrustedWeb</em:creator> <em:optionsType>2</em:optionsType> <em:updateURL>http://cdn.trustedshopper.net/trustedshopper/ff/update.rdf</em:updateURL> <em:updateKey>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLyedVuUuVZTMaJtAk4yFUdBPCpkWCo9BQ34YITDpuJSZi3I6vhR9oRCv9URMAJk4kkfWrYZMut2IPRhtIqlT17+QuHHh1rTPFkV/HTz1lxT4V0gw5+1zzAvVGEWMiQTPQFLizC6nFOa2xDzeFzsYqPxz2Y5X+/AbNKDY+aMmSwwIDAQAB"</em:updateKey>
[Tracking Requested - why for this release]:
Kris, please confirm this report and let us know what its usage stats are looking like.
Flags: needinfo?(kmaglione+bmo)
I happened to test the installer in question yesterday for unrelated reasons. It currently installs a search hijacker called Astromenda, and another shopping add-on called Deal Keeper, but not TrustedShopper. In any case, metrics strongly suggest that TrustedShopper is a third-party silent install, so it should be blocked.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(kmaglione+bmo)
Assignee: nobody → jorge
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Whiteboard: [qa-]
Target Milestone: --- → 2014-08
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: