xisto Community
tgp1994

Be Very Careful With The Recent Firefox Update! Drive by download exploit abound

Last Thursday I was surprised to see a Firefox update, but it downloaded and installed like usual, so I went about my daily business. At one point after that, a friend contacted me about a software website they thought was suspicious, so I followed the link. "Yup," I told him, "sure is."

So he looked elsewhere for the application he was looking for, and I went back to my tasks.

Then later, my screen was attacked by about 5 different antivirus applications saying I was infected by rogue software (probably reporting each other), at which point I quickly finished writing Puppy Linux to my CD, then I rebooted my computer.

I have almost never run antivirus software on my computer; I always get the latest patches from Microsoft, and I think I have enough common sense to know what bad software is from good software. This, and the fact that I had no idea websites could download and run executables to my computer, contributed to this occurrence.

Don't be like me: be VERY careful after getting this Firefox update! It's user hunting season!


Unfortunately, Windows Update can be tricked and anyone can inject rogue software to be downloaded as an update by Windows. Surprise, most Windows updates are never being verified if they are really coming from Microsoft.

Do you also know that all servers where websites are being hosted can track your IP, your LAN card serial/address (MAC address) and using this info alone a script can be written to automatically test your computer for attack.

Viruses don't come from the internet alone and you can get them via the following.
1. infected CD be it an active virus or trojan.
2. from your cellphone (Surprise!)
3. from your music CD with hidden sectors from a shady source (Surprise!)
4. from a DRM encoding on one of your videos (Surprise!!) and Windows downloads these DRM files without asking you (Surprise again!).
5. your USB devices
6. and the most common error that people say "iPod runs on a different OS and can't infect Windows computer", it was funny since your iPod or iPad or even iPhone may not be harmed by that virus but once you sync it with your computer, you are executing that "autorun.ini" file. There is no other clean way to disable that completely other than partially hacking Windows registry. :)

Edited by vhortex (see edit history)


Do you also know that all servers where websites are being hosted can track your IP, your LAN card serial/address (MAC address) and using this info alone a script can be written to automatically test your computer for attack.
Viruses don't come from the internet alone and you can get them via the following.
1. infected CD be it an active virus or trojan.
2. from your cellphone (Surprise!)
3. from your music CD with hidden sectors from a shady source (Surprise!)
4. from a DRM encoding on one of your videos (Surprise!!) and Windows downloads these DRM files without asking you (Surprise again!).
5. your USB devices
6. and the most common error that people say "iPod runs on a different OS and can't infect Windows computer", it was funny since your iPod or iPad or even iPhone may not be harmed by that virus but once you sync it with your computer, you are executing that "autorun.ini" file. There is no other clean way to disable that completely other than partially hacking Windows registry. :)


Very interesting, except I was doing none of the above :D


There hasn't been any official word on such an exploit present in the Firefox upgrade, has there? The Windows version of Firefox is bound to have a few problems now and then because, well... it runs on Windows! I haven't had any problems so far with the Linux version of Firefox and it has never given me a crash or anything else weird. That is why I stick to using Linux for Internet.


Last Thursday I was surprised to see a Firefox update, but it downloaded and installed like usual, so I went about my daily business. At one point after that, a friend contacted me about a software website they thought was suspicious, so I followed the link. "Yup," I told him, "sure is."
So he looked elsewhere for the application he was looking for, and I went back to my tasks.

Then later, my screen was attacked by about 5 different antivirus applications saying I was infected by rogue software (probably reporting each other), at which point I quickly finished writing Puppy Linux to my CD, then I rebooted my computer.

I have almost never run antivirus software on my computer; I always get the latest patches from Microsoft, and I think I have enough common sense to know what bad software is from good software. This, and the fact that I had no idea websites could download and run executables to my computer, contributed to this occurrence.

Don't be like me: be VERY careful after getting this Firefox update! It's user hunting season!


It would be nice to get a bit more information. What is the version number of the Firefox we are talking about?
What is the number of the update?

As far as I know there was a new version available at the official website of Firefox last week.
This newest and latest version is called:

v3.6.11, released 19-10-2010

Here is my source.
https://www.mozilla.org/en-US/firefox/new/
Edited by zenia (see edit history)


It would be nice to get a bit more information. What is the version number of the Firefox we are talking about?
What is the number of the update?

As far as I know there was a new version available at the official website of Firefox last week.
This newest and latest version is called:

v3.6.11, released 19-10-2010

Here is my source.
https://www.mozilla.org/en-US/firefox/new/

Yup, that's it.


Very interesting, except I was doing none of the above :)

Last Thursday I was surprised to see a Firefox update, but it downloaded and installed like usual, so I went about my daily business. At one point after that, a friend contacted me about a software website they thought was suspicious, so I followed the link. "Yup," I told him, "sure is."

conflict with

Do you also know that all servers where websites are being hosted can track your IP, your LAN card serial/address (MAC address) and using this info alone a script can be written to automatically test your computer for attack

And Windows can always be tricked to download fake updates. I am using the same Firefox version you mentioned and not a single viral attempt executes. By visiting the website, you are already engaging a viral infection, a viral website can always be set up to look like your own desktop using JavaScript. You can then be tricked to click on the shady links and download an update or an ActiveX file that will tell Windows to update.

On the moment you visited that website, you already left your computer address and since you have no protection, your computer is way open to the whole world. In fact, if this forum will show your browser details, your IP address and MAC address to the world, any of us who visit here can plant a virus on your computer.

An antivirus is not a thing for bragging or something to waste your cash, it is there to provide a lock for your computer. Visiting a shady website with no firewall and antivirus is like walking to a field of snow wearing only boxer shorts.

1. infected CD be it an active virus or trojan.
2. from your cellphone (Surprise!)
3. from your music CD with hidden sectors from a shady source (Surprise!)
4. from a DRM encoding on one of your videos (Surprise!!) and Windows downloads these DRM files without asking you (Surprise again!).
5. your USB devices
6. and the most common error that people say "iPod runs on a different OS and can't infect Windows computer", it was funny since your iPod or iPad or even iPhone may not be harmed by that virus but once you sync it with your computer, you are executing that "autorun.ini" file. There is no other clean way to disable that completely other than partially hacking Windows registry.

Since you said that you never do any of the above things, I will tell you that you are the single person I ever know that never inserted a CD, never connected a cellphone to a computer (including Bluetooth), never listen to music, never watch a video and never used any form of USB device.


conflict with

And Windows can always be tricked to download fake updates. I am using the same Firefox version you mentioned and not a single viral attempt executes. By visiting the website, you are already engaging a viral infection, a viral website can always be set up to look like your own desktop using JavaScript. You can then be tricked to click on the shady links and download an update or an ActiveX file that will tell Windows to update.

On the moment you visited that website, you already left your computer address and since you have no protection, your computer is way open to the whole world. In fact, if this forum will show your browser details, your IP address and MAC address to the world, any of us who visit here can plant a virus on your computer.

An antivirus is not a thing for bragging or something to waste your cash, it is there to provide a lock for your computer. Visiting a shady website with no firewall and antivirus is like walking to a field of snow wearing only boxer shorts.

Since you said that you never do any of the above things, I will tell you that you are the single person I ever know that never inserted a CD, never connected a cellphone to a computer (including Bluetooth), never listen to music, never watch a video and never used any form of USB device.


I didn't say I've never used any of the above mentioned mediums at all. I was using the word "was" to indicate the time at which I was infected. Thus,

Last Thursday I was surprised to see a Firefox update, but it downloaded and installed like usual, so I went about my daily business. At one point after that, a friend contacted me about a software website they thought was suspicious, so I followed the link. "Yup," I told him, "sure is."

Does not fall under your list :) And what can someone do with my IP? Sure, they could test my computer for an attack, but of what type?

P.S. I never clicked anything in the website. I don't fall for things like recreated UIs, I was merely looking at the front of the website to judge its appearance.

Edited by tgp1994 (see edit history)


That's ridiculous in my opinion... at the moment, I do not have an antivirus installed on my computer. *runs to get AVG*

Viruses don't come from the internet alone and you can get them via the following.
1. infected CD be it an active virus or trojan.
2. from your cellphone (Surprise!)
3. from your music CD with hidden sectors from a shady source (Surprise!)
4. from a DRM encoding on one of your videos (Surprise!!) and Windows downloads these DRM files without asking you (Surprise again!).
5. your USB devices
6. and the most common error that people say "iPod runs on a different OS and can't infect Windows computer", it was funny since your iPod or iPad or even iPhone may not be harmed by that virus but once you sync it with your computer, you are executing that "autorun.ini" file. There is no other clean way to disable that completely other than partially hacking Windows registry.


That is interesting. I guess viruses spread like the flu. I still don't understand how you would get a virus on your iPod or your phone.


That is interesting. I guess viruses spread like the flu. I still don't understand how you would get a virus on your iPod or your phone.

You get it exactly as usual. You plug your phone into a friend's PC in order to show him a picture. His computer will see your phone as a USB disk. If the computer is infected, the virus will put its autorun.inf on this USB disk. And that's it, you start propagating the infestation.


You get it exactly as usual. You plug your phone into a friend's PC in order to show him a picture. His computer will see your phone as a USB disk. If the computer is infected, the virus will put its autorun.inf on this USB disk. And that's it, you start propagating the infestation.

Ohh, that does make sense. I think iPhones and iTouches would be safe, wouldn't they? I mean, I don't think there's even a jailbreak that allows Windows to recognize them as USB storage disks (perhaps partially due to the filesystem)


You get it exactly as usual. You plug your phone into a friend's PC in order to show him a picture. His computer will see your phone as a USB disk. If the computer is infected, the virus will put its autorun.inf on this USB disk. And that's it, you start propagating the infestation.

Bleh. Reading that is going to make me hesitate before connecting my iPod or anything to a computer. :/

Is there any way to prevent the device from getting infected with the virus if the computer you were plugging the device into had a virus? I plug my jumpdrive into almost every computer I use (for PortableApps) so at the moment, I am wondering whether my jumpdrive is infected.


Bleh. Reading that is going to make me hesitate before connecting my iPod or anything to a computer. :/
Is there any way to prevent the device from getting infected with the virus if the computer you were plugging the device into had a virus? I plug my jumpdrive into almost every computer I use (for PortableApps) so at the moment, I am wondering whether my jumpdrive is infected.


I'm pretty sure there's an immunizer somewhere out there on the internet.


I plug my jumpdrive into almost every computer I use (for PortableApps) so at the moment, I am wondering whether my jumpdrive is infected.

PortableApps has ClamWin antivirus. You should use it each time you come back home after having plugged your jumpdrive into a computer.


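For the question above about whether a jumpdrive has picked up an autorun.inf, this is an added example and not part of the original posts: a small Python check that looks in a drive's root for autorun.inf and reports which entries would start a program. The function names and the sample file content are constructed for illustration.

```python
import tempfile
from pathlib import Path

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program
# Constructed sample content, not taken from a real infection.
SAMPLE = ("[AutoRun]\n; constructed sample\nopen=tools\\start.exe /q\n"
          "icon=folder.ico\nshell\\explore\\command=tools\\start.exe\n")

def launch_entries(text):
    """Return (key, command) pairs from [autorun] that would run something."""
    section, found = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                found.append((key, value))
    return found

def target_of(command):
    """Extract the program path from a command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""

def scan_drive(root):
    """List (key, command, target_exists_on_drive) for the drive's autorun.inf."""
    # The file name is matched case-insensitively, as Windows would.
    infs = [p for p in Path(root).iterdir()
            if p.is_file() and p.name.lower() == "autorun.inf"]
    if not infs:
        return []
    text = infs[0].read_text(encoding="latin-1")  # latin-1 decodes any bytes
    return [(key, cmd, (Path(root) / target_of(cmd).replace("\\", "/")).is_file())
            for key, cmd in launch_entries(text)]

def demo():
    """Build a throwaway 'drive' from SAMPLE and scan it."""
    with tempfile.TemporaryDirectory() as drive:
        (Path(drive) / "AUTORUN.INF").write_text(SAMPLE)
        (Path(drive) / "tools").mkdir()
        (Path(drive) / "tools" / "start.exe").write_bytes(b"")
        return scan_drive(drive)
```

Calling `scan_drive` on the drive's root (for example `scan_drive("E:/")`, where the drive letter is an assumption) returns an empty list when there is no autorun.inf or it launches nothing.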