Windows 7 Forums

Windows 7: MSFT exposes Firefox users to drive-by malware download

16 Oct 2009   #1
kodi

Windows 8.1 Pro x64
 
 
MSFT exposes Firefox users to drive-by malware download

More



16 Oct 2009   #2
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

This would be a "goored" type of infection ... I'm not sure, but I think MalwareBytes have been working on this bit of malware.

This is an example when scanned with Gooredfix:
=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{E616A495-EBCA-4F9D-84B9-D04016D33CA9}

C:\Program Files\Mozilla Firefox\extensions\{775372EE-D619-4557-A9CC-44BB47A03EFA}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"
My System SpecsSystem Spec
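
Added example, not part of the thread and not Gooredfix's own code: a small Python parser for the registry dump quoted in post #2. It lists the extensions registered machine-wide under `HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions` (the key an installer, rather than the user, writes to) and notes whether each path lies outside the Firefox directory; the function names and the `firefox_dir` default are assumptions.

```python
import re
from ntpath import normpath

# Registry section of the dump quoted in post #2 (values as posted there).
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"="(.*)"$')
# Key under which Firefox looks for extensions registered machine-wide.
GLOBAL_EXT_KEY = r'\software\mozilla\firefox\extensions'


def parse_dump(text):
    """Yield (key, value_name, value_data) for each value under a [key] header."""
    key = None
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := KEY_RE.match(line)):
            key = m.group(1)
        elif key and (m := VAL_RE.match(line)):
            yield key, m.group(1), m.group(2)


def registry_extensions(text, firefox_dir=r'C:\Program Files\Mozilla Firefox'):
    """List extensions registered under the global key, with their on-disk path."""
    base = normpath(firefox_dir).lower()
    found = []
    for key, ext_id, path in parse_dump(text):
        if not key.lower().endswith(GLOBAL_EXT_KEY):
            continue  # e.g. the "Plugins"/"Components" values of the versioned key
        norm = normpath(path).lower()
        outside = not (norm == base or norm.startswith(base + '\\'))
        found.append({'id': ext_id.lower(), 'path': path, 'outside_firefox_dir': outside})
    return found


if __name__ == '__main__':
    for ext in registry_extensions(SAMPLE_DUMP):
        print(ext['id'], ext['path'], 'outside Firefox dir' if ext['outside_firefox_dir'] else '')
```

On the posted dump this reports the AVG and DotNetAssistantExtension entries, both pointing outside the Firefox directory, which is the kind of entry to review when an add-on appears that the user did not install.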
16 Oct 2009   #3
Teerex

Windows 7 x64 Ultimate SP1
 
 

I assume that now that the vulnerability in question has been fixed, this is now moot, except as a new warzone in Mozilla Foundation-Microsoft wars?
16 Oct 2009   #4
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

It's a DNS redirection (including the hosts file) exploit. It can be 'fixed'. I don't see it as a war between MS and FF, but if you do, then you have your reasons.

Known as the "goored" infection, this is a Firefox hijacker that targets a variety of search engines:
Google, Yahoo, Msn, AOL and Ask.

Usually, the first sign of infection is that upon starting Firefox, you receive a notification that "1 new Add-on has been installed", although you did not knowingly install anything. When using any of the above search engines, you may notice that during the search you see names like zfsearch.com, v1.adwarefeed.com flash past in your status bar.
17 Oct 2009   #5
Teerex

Windows 7 x64 Ultimate SP1
 
 

It seems to me that you are kinda confused about the topic. This is about a Firefox attack vector opened up by a vulnerability that was just patched.

What the heck're you writing about?
17 Oct 2009   #6
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

No, I'm not confused ..... this is the application that was added by MS .... Reason to avoid!
Microsoft .NET Framework Assistant and Windows Presentation Foundation, all versions, for all applications. Reason: *remote code execution vulnerability

*Drive-by malware download can easily redirect DNS and change the Hosts file.

The 'fix' was posted here quite a while back. This is the article:
Annoyances.org - Remove the Microsoft .NET Framework Assistant (ClickOnce) Firefox Extension

I was talking about 'Goored', which is a drive-by malware download. We have a tool to 'fix' the Goored malware.

Now, if you look at my above posts, do you see where I'm coming from?
18 Oct 2009   #7
Teerex

Windows 7 x64 Ultimate SP1
 
 

Yeah, but the connection is a bit loose, don't you think?

Anyways, Mozilla blocked both the extension and the plugin on the eve of Saturday.