Windows 7 Forums



Windows 7: MSFT exposes Firefox users to drive-by malware download


16 Oct 2009   #1

Windows 8.1 Pro x64
 
 
MSFT exposes Firefox users to drive-by malware download


16 Oct 2009   #2
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

This would be a "goored" type of infection ... I'm not sure, but I think MalwareBytes have been working on this bit of malware.

This is an example when scanned with Gooredfix:
=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{E616A495-EBCA-4F9D-84B9-D04016D33CA9}

C:\Program Files\Mozilla Firefox\extensions\{775372EE-D619-4557-A9CC-44BB47A03EFA}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"
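An added example, not part of the original post or of the Gooredfix tool: Python that parses the registry section of output in the format quoted above and lists add-ons that were registered through the registry by extension ID, noting whether their files sit outside the Firefox directory. The function names and the default Firefox path are assumptions; the sample input is an excerpt of the output in the post.

```python
import re

# Excerpt of the Gooredfix output quoted in the post above, used as sample input.
SAMPLE = r'''=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{E616A495-EBCA-4F9D-84B9-D04016D33CA9}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"="(.*)"$')
GUID_RE = re.compile(r'^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$')

def parse_registry_section(text):
    """Return (key, value_name, data) tuples from the registry dump section only."""
    entries, key, in_section = [], None, False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith('====='):          # section banner: switch context
            in_section = 'Dumping Registry Values' in line
            key = None
        elif in_section and (m := KEY_RE.match(line)):
            key = m.group(1)
        elif in_section and key and (m := VAL_RE.match(line)):
            entries.append((key, m.group(1), m.group(2)))
    return entries

def registry_installed_extensions(entries, firefox_dir=r'C:\Program Files\Mozilla Firefox'):
    """List values whose name is an extension ID (GUID): these add-ons were
    registered via the registry rather than through the browser's add-on UI."""
    base = firefox_dir.lower().rstrip('\\') + '\\'
    found = []
    for key, name, path in entries:
        if GUID_RE.match(name):
            outside = not (path.lower().rstrip('\\') + '\\').startswith(base)
            found.append({'id': name.lower(), 'key': key, 'path': path,
                          'outside_firefox_dir': outside})
    return found
```
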
16 Oct 2009   #3

Windows 7 x64 Ultimate SP1
 
 

I assume that now that the vulnerability in question has been fixed, this is now moot, except as a new warzone in Mozilla Foundation-Microsoft wars?


16 Oct 2009   #4
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

It's a DNS redirection (including the hosts file) exploit. It can be 'fixed'. I don't see it as a war between MS and FF, but if you do, then you have your reasons.

Known as the "goored" infection, this is a Firefox hijacker that targets a variety of search engines:
Google, Yahoo, Msn, AOL and Ask.

Usually, the first sign of infection is that upon starting Firefox, you receive a notification that "1 new Add-on has been installed", although you did not knowingly install anything. When using any of the above search engines, you may notice that during the search you see names like zfsearch.com, v1.adwarefeed.com flash past in your status bar.
17 Oct 2009   #5

Windows 7 x64 Ultimate SP1
 
 

It seems to me that you are kinda confused about the topic. This is about a Firefox attack vector opened up by a vulnerability that was just patched.

What the heck're you writing about?
17 Oct 2009   #6
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

No, I'm not confused ..... this is the application that was added by MS .... Reason to avoid!
Microsoft .NET Framework Assistant and Windows Presentation Foundation, all versions, for all applications. Reason: *remote code execution vulnerability

*Drive-by malware download can easily redirect DNS and change the Hosts file.

The 'fix' was posted here quite a while back. This is the article
Annoyances.org - Remove the Microsoft .NET Framework Assistant (ClickOnce) Firefox Extension

I was talking about 'Goored', which is a drive-by malware download. We have a tool to 'fix' the Goored malware.

Now, if you look at my above posts, do you see where I'm coming from?
18 Oct 2009   #7

Windows 7 x64 Ultimate SP1
 
 

Yeah, but the connection is a bit loose, don't you think?

Anyways, Mozilla blocked both the extension and the plugin on the eve of Saturday.