New Spyware for FireFox?

[Schadenfroh]

for all of you who think firefox is immune to spyware,

This was precceded by a java based POP UP that firefox did not block (java based) stating that i needed to click yes on the following screen or i would be wrong for me to view the lyrics, which was this:

Text

anyone know about this? if this gets as bad as IE........... Then users who have no clue will be just as vaulnerable in firefox as IE, save the really bad nasties that install stuff without any user interaction whatsoever

 

:Q This could be big...

 

[simms]

Originally posted by: Schadenfroh
Text
anyone know about this? if this gets as bad as IE...........

Bwhwhwha.. looks like Firefox has it's barrage of problems too.

But anyways, good luck. Have you tried Spybot/Adaware/SpywareBlaster?

God, SpywareBlaster is awesome. It stops my cousin from adding on stupid mouse cursors that reinstall it.. .bwhahaha..

 

[Schadenfroh]

Originally posted by: simms

Originally posted by: Schadenfroh
Text
But anyways, good luck. Have you tried Spybot/Adaware/SpywareBlaster?
.

see sig

 

[clamum]

Ok the pieces of sh!t that write this garbage need to be thrown off a cliff. I'm against the death penalty but actually it might be a good idea to instate it as punishment for writing spyware. :thumbsdown:

 

[brtspears2]

Cute, you can press cancel a few times. Misleading javascript popup. You can press cancel to not install it. Though the confusion here is that someone might see public.winupdates.com and think it's acutally a Microsoft patch.

 

[Allio]

Ouch. Still, I think Firefox handles it a little better than IE does, and at least it asks

 

[upsciLLion]

This is what happens when good software becomes popular.

 

[Sid59]

earlier "spyware" for Firefox were aimed at hijacking IE. hahah ...

the newer nightly builds of Firefox are testing whitelisted sites and other methods of controlling this XPI install.

for the mean time, the prompt box is there.

 

[CTho9305]

I see no popup, nor do any firefox users I checked with. Screenshot of the "popup"? If you mean a javascript ALERT (actually it's a prompt), you can't disable those without removing one of Javascript's primary legitimate uses (form submission validation/confirmation prompts).... maybe you're just being an IE fanboy .

I don't see the problem. The site asked you to install (or download) some spyware, and Mozilla warned you it was unsigned. I don't know about Firefox, but in Mozilla, you can't even hit "Install" for a few seconds, in case you're typing and the dialog comes up... you cannot accidentally install it.

This isn't the first time I've seen spyware ported to Mozilla's XPI format. Everyone knew it would happen.

Originally posted by: simms

Originally posted by: Schadenfroh
Text
anyone know about this? if this gets as bad as IE...........

Bwhwhwha.. looks like Firefox has it's barrage of problems too.

It allows you to install extensions from non-Mozilla sites, if you want? How is that a problem?

 

[MaestroQuark]

*Ahem*
http://bugzilla.mozilla.org/show_bug.cgi?id=238684

And whitelisting is already in, also. Yes, you can add a website to the whitelist

 

[1Cheap2Crazy]

I wonder if it's a bad site to begin with? I tried going there but couldn't. I looked in my HOSTS file and there it was! I'll trust the guy that put it in there. HOSTS file

 

[Schadenfroh]

interesting, it only happened once, when i returned it did not repeat (and no i did not click yes)

 

[CTho9305]

Originally posted by: Schadenfroh
interesting, it only happened once, when i returned it did not repeat (and no i did not click yes)

http://ctho.ath.cx/tmp/spyware3.txt
I de-hex-encoded it, cleaned up the line breaks & indents, and assigned variable names that make sense. Note that it checks for a cookie that it sets. Anyway, I do see the confirm() now.

edit: Ok, it should be easy to read now .
edit2: Yipes. I feel sorry for those of us who haven't wasted their lives understanding computer security! :Q
edit3: Uh, I deleted a few too many lines from the source code. You can still follow it though.

 

[drag]

Firefox has this come up everytime you want to install XPI extension on your computer.

With Firefox 9.0 or whatever it could of be triggered by a page change or a pop up or something like that, but later on with newer versions it could only be triggered by certain events. Like you clicking on a link....

The warning message is Firefox's way of keeping you safe from spyware and crap like that. Just hit cancel next tim. There were a few websites that tried this trick before with pop-ups and such, that's why Mozilla changed the behavior.

Also Firefox encorporates whitelists now so that you can only install extensions (which is what the XPI stuff is) from certain trusted websites. So if you go to a website that tries to do something like this it should be ignored or give you a error or something.

edit:


Also if you gone to the mozilla forums you'd notice that other people have already found out that this specific site and others like it are trying to do the spyware thing.

 

[Looney]

Originally posted by: clamum
Ok the pieces of sh!t that write this garbage need to be thrown off a cliff. I'm against the death penalty but actually it might be a good idea to instate it as punishment for writing spyware. :thumbsdown:

No kidding, and some of the spyware are downright illegal... like the ones that fvck up your winsock so you can't connect to the internet if you remove them. And some are just wrong, like the ones that install popups on your computer, but the popups are ads asking 'do you have a problem with popups? Buy this popup removal and you'll be protected.' LOLOL

 

[Looney]

Originally posted by: Allio
Ouch. Still, I think Firefox handles it a little better than IE does, and at least it asks

IE asks too. In all my years of online, i've NEVER EVER gotten spyware from browsing. Things just can't install unless you click YES.

And the only reason why Firefox 'handles it better' is because it hasn't been targetted. It's like people saying Mac computers are more secured, or Win98 are more secure these days because 95% of trojans and worms are targetted at XP... it's because those others aren't as popular, so they're not as targetted. As firefox gains more popularity, it will have as much problem as IE does.

 

[CTho9305]

Originally posted by: Hardcore

Originally posted by: Allio
Ouch. Still, I think Firefox handles it a little better than IE does, and at least it asks

IE asks too. In all my years of online, i've NEVER EVER gotten spyware from browsing. Things just can't install unless you click YES.

...or happen to be typing when the dialog pops up, or clicking at the spot where the "Yes" appears.

And the only reason why Firefox 'handles it better' is because it hasn't been targetted. It's like people saying Mac computers are more secured, or Win98 are more secure these days because 95% of trojans and worms are targetted at XP... it's because those others aren't as popular, so they're not as targetted. As firefox gains more popularity, it will have as much problem as IE does.

We shall see. The fact that it isn't targeted doesn't mean it's not also more secure.

 

[n0cmonkey]

Originally posted by: Hardcore

Originally posted by: Allio
Ouch. Still, I think Firefox handles it a little better than IE does, and at least it asks

IE asks too. In all my years of online, i've NEVER EVER gotten spyware from browsing. Things just can't install unless you click YES.

And the only reason why Firefox 'handles it better' is because it hasn't been targetted. It's like people saying Mac computers are more secured, or Win98 are more secure these days because 95% of trojans and worms are targetted at XP... it's because those others aren't as popular, so they're not as targetted. As firefox gains more popularity, it will have as much problem as IE does.

And example of this is IIS and Apache. IIS is more targetted, but Apache has the market share. Proves your point well. err right?

 

[Looney]

Originally posted by: CTho9305

Originally posted by: Hardcore

Originally posted by: Allio
Ouch. Still, I think Firefox handles it a little better than IE does, and at least it asks

IE asks too. In all my years of online, i've NEVER EVER gotten spyware from browsing. Things just can't install unless you click YES.

...or happen to be typing when the dialog pops up, or clicking at the spot where the "Yes" appears.

Like i said, in all my years of online, i have NEVER had spyware install through IE.

And the only reason why Firefox 'handles it better' is because it hasn't been targetted. It's like people saying Mac computers are more secured, or Win98 are more secure these days because 95% of trojans and worms are targetted at XP... it's because those others aren't as popular, so they're not as targetted. As firefox gains more popularity, it will have as much problem as IE does.

We shall see. The fact that it isn't targeted doesn't mean it's not also more secure.[/quote]

IE is absolutely foolproof if you don't hit YES... show me a single spyware that i can just visit a site, and my browser will become compromised with spyware.
So tell me, what's inherent in Firefox that protects it from Spyware so well? All spyware is is software that's installed on your computer to either do popups, hijacks, or send marketing information and crap like that. So don't hit YES, and you won't get any spyware installed. If Firefox becomes popular, you can bet your ass that spyware will be targetted at Firefox, just like it's already been done as this thread suggests.

 

[Sid59]

i didkn't COOLWEBSEARCH with it's hijacking asked you to clicked YES.

 

[LuDaCriS66]

or you could just turn off the ability to install extensions. If you have all your extensions, theres no need to have it enabled.

 

[LuDaCriS66]

IE is absolutely foolproof if you don't hit YES... show me a single spyware that i can just visit a site, and my browser will become compromised with spyware.
So tell me, what's inherent in Firefox that protects it from Spyware so well? All spyware is is software that's installed on your computer to either do popups, hijacks, or send marketing information and crap like that. So don't hit YES, and you won't get any spyware installed. If Firefox becomes popular, you can bet your ass that spyware will be targetted at Firefox, just like it's already been done as this thread suggests.

Firefox not having activex running would help

 

[Schadenfroh]

some spyware does not require you to click "yes", see here.

This is a growing family of trojans that exploits the ByteCodeVerifier vulnerability in the Microsoft Virtual Machine to execute unauthorized code on an affected machine.

some use holes in windows itself to get in. these ones have since been patched, but there are a number of others that have not that can cause infection without you ever knowing untill its too late. but you wont get this junk unless you visit ALLOT of warez sites.

 

[glugglug]

Originally posted by: Hardcore

Originally posted by: Allio
Ouch. Still, I think Firefox handles it a little better than IE does, and at least it asks

IE asks too. In all my years of online, i've NEVER EVER gotten spyware from browsing. Things just can't install unless you click YES.

Actually in IE you can.

If you try to trigger an ActiveX spyware download twice within the same page, IE will only ask whether you want to run it for the first one. It then sets a flag that it asked you about it, but does not keep track of whether you actually answered yes or no when it hits the 2nd one. The yes is just assumed, so the 2nd hit within the page will be effective.