Closed
Bug 979856
Opened 10 years ago
Closed 10 years ago
Bypassing addon installation [Trusted Shopper Adware]
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Tracking
()
RESOLVED
FIXED
2014-08
People
(Reporter: toadyshadow101, Assigned: jorgev)
Details
(Whiteboard: [qa-])
Attachments
(1 file)
|
339.29 KB,
application/zip
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:27.0) Gecko/39237369 Firefox/27.0 (Nightly/Aurora) Build ID: 20140217134052 Steps to reproduce: Program installer origin unknown it was packaged in a shark007 codec pack for windows 7. The item TrustedShopper firefox addon by TrustedWeb produced by squeakychocolate (Malicious Adware) Actual results: This addon is part of trusted shopper adware that targets ie, firefox, chrome, safari & opera, It overlays ad's across the entire content area of the browser and for each tab open. The firefox addon component bypasses standard addon installation alerts (No messages, Prompts or Notifications of its installation into firefox) only visible sign is every browser tab hijacked with ad's I recommend add to block list hard and soft, It also utilizes the update mechanisms through there own hosting with a constant changing GUID. Attached you will find 80% of the programs registry entries, Screen shot of its installed .dll files and the trusted shopper xpi Unfortunately i can not recovery of any further information from the affected PC as its been wiped clean. Expected results: A form of notification should have alerted the user of an addon installation. Should have been blocked by a security measure.
|
||
Updated•10 years ago
|
Group: core-security
Component: Untriaged → Blocklisting
Product: Firefox → addons.mozilla.org
Version: 27 Branch → unspecified
|
|
||
Comment 1•10 years ago
|
||
<em:id>jid1-bKSXgRwy1UQeRA@jetpack</em:id>
<em:version>2.0.1</em:version>
<em:name>TrustedShopper</em:name>
<em:description>Coupons and deals to help you get the best deals!</em:description>
<em:creator>TrustedWeb</em:creator>
<em:optionsType>2</em:optionsType>
<em:updateURL>http://cdn.trustedshopper.net/trustedshopper/ff/update.rdf</em:updateURL>
<em:updateKey>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLyedVuUuVZTMaJtAk4yFUdBPCpkWCo9BQ34YITDpuJSZi3I6vhR9oRCv9URMAJk4kkfWrYZMut2IPRhtIqlT17+QuHHh1rTPFkV/HTz1lxT4V0gw5+1zzAvVGEWMiQTPQFLizC6nFOa2xDzeFzsYqPxz2Y5X+/AbNKDY+aMmSwwIDAQAB"</em:updateKey>
|
Assignee | |
Comment 3•10 years ago
|
||
Kris, please confirm this report and let us know what its usage stats are looking like.
tracking-firefox31:
? → ---
Flags: needinfo?(kmaglione+bmo)
|
||
Comment 4•10 years ago
|
||
I happened to test the installer in question yesterday for unrelated reasons. It currently installs a search hijacker called Astromenda, and another shopping add-on called Deal Keeper, but not TrustedShopper. In any case, metrics strongly suggest that TrustedShopper is a third-party silent install, so it should be blocked.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(kmaglione+bmo)
|
|
Assignee | |
Comment 5•10 years ago
|
||
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i680
Assignee: nobody → jorge
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Whiteboard: [qa-]
Target Milestone: --- → 2014-08
|
||
Updated•8 years ago
|
Product: addons.mozilla.org → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•