Windows 7 Forums


Windows 7: overlay.xul is back.

17 Dec 2009   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 

Quote:
It's been a while. If I remember correctly, a variant of Vundo was using the "overlay.xul" mechanism to hi-jack searches in the Firefox browser almost a year ago. Now, ISC reader Tom contacted us with a mystery that took him and his colleagues several days to unravel. The symptoms: You try to search with Google/Yahoo/Ask/Bing, but NoScript (a great add-on!!) warns you that the browser is actually trying to run a JavaScript from innoshots-dot-org. Having checked all the usual culprits, and run all the Anti-Virus tools you have, you find: Nothing. And the browser still redirects.
overlay.xul is a Firefox mechanism to allow applications to add elements to the browser GUI, and is used for good effect by several tools. We don't know which infection vector was used in Tom's case to deposit the malicious overlay file on the machine.
Source -
overlay.xul is back

Further info. -
VirusTotal. MD5: 5b6d74705cdc585c64e4a2861ae39c29 Script.Gord.A.1 Trojan.Script.235944 Trojan.Script.235944


Last edited by JMH; 18 Dec 2009 at 12:35 AM. Reason: Added another link.
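A triage check for the symptom the quoted article describes, as an added example that is not part of this thread or of the ISC article: it lists every overlay.xul under a directory, loose or packed inside a .jar/.xpi archive, that references an http(s) host. The heuristic, the archive handling and the placeholder host `redirector.example` are assumptions; the article does not describe the contents of the malicious file.

```python
import os
import re
import tempfile
import zipfile

# xmlns attributes hold http:// namespace names in every XUL file; strip them first.
XMLNS = re.compile(r'xmlns(?::\w+)?\s*=\s*("[^"]*"|\'[^\']*\')')
REMOTE = re.compile(r'https?://([A-Za-z0-9.-]+)', re.I)

def remote_hosts(xul_text):
    """Sorted http(s) hosts referenced by one overlay, namespaces excluded."""
    return sorted({h.lower() for h in REMOTE.findall(XMLNS.sub('', xul_text))})

def scan_overlays(root):
    """Map each overlay.xul under root (loose or in .jar/.xpi) to its remote hosts."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == 'overlay.xul':
                with open(path, 'rb') as fh:
                    blobs = [(path, fh.read())]
            elif name.lower().endswith(('.jar', '.xpi')) and zipfile.is_zipfile(path):
                with zipfile.ZipFile(path) as zf:
                    blobs = [(path + '!' + m, zf.read(m)) for m in zf.namelist()
                             if m.rsplit('/', 1)[-1].lower() == 'overlay.xul']
            else:
                continue
            for location, raw in blobs:
                hosts = remote_hosts(raw.decode('utf-8', errors='replace'))
                if hosts:  # chrome:// and resource:// references never match REMOTE
                    findings[location] = hosts
    return findings

# Constructed samples: a benign overlay and one loading a script from a placeholder host.
NS = 'xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"'
BENIGN = '<overlay %s><script src="chrome://tool/content/tool.js"/></overlay>' % NS
SUSPECT = '<overlay %s><script src="http://redirector.example/s.js"/></overlay>' % NS

def demo():
    """Build a throwaway directory tree with the samples and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for sub, text in (('good', BENIGN), ('bad', SUSPECT)):
            os.makedirs(os.path.join(root, sub))
            with open(os.path.join(root, sub, 'overlay.xul'), 'w') as fh:
                fh.write(text)
        with zipfile.ZipFile(os.path.join(root, 'packed.jar'), 'w') as zf:
            zf.writestr('content/overlay.xul', SUSPECT)
        return {os.path.relpath(k, root): v for k, v in scan_overlays(root).items()}
```

A hit is a lead for manual review rather than a verdict, and an overlay that assembles its URL at run time will not match.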

18 Dec 2009   #2

Windows 7 RTM
 
 

Interesting, and frightening! I couldn't find much detail in the article about the point of infection. Does this mean that simply performing a Google search is enough to infect a machine, even with NoScript? Are the infections limited to Firefox/Chrome?

Either way, the low detection rate is unacceptable for something that's been in the wild for a month! I wonder why the vendors are taking so long detecting it.
18 Dec 2009   #3

Windows 7 Ultimate 32bit SP1
 
 



18 Dec 2009   #4

Windows 7 RTM
 
 

I think that's the same article? It looks like exactly the same text, only with an unrelated blog entry without further details before it. It even has the same images.