topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Tuesday March 19, 2024, 1:05 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Scam/adware from Mozilla update; how do I find the culprit?  (Read 3524 times)

Curt

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,566
    • View Profile
    • Donate to Member
Don't fix what is not broken. But Mozilla wants us all to have these signed versions, so I finally clicked "Update" in Firefox Addons, and right away felt a nervous knot in my stomach; oh, why didn't I abort the update at once?

My biggest problem is, that after the first five update procedures, I lost my patience and I updated some 32 extensions at the same time - yeah, I know, "always update addons one at a time", but there were too many still waiting - so now I don't know which addon was polluted. Is there a clever, fast way to find out? It's probably not a good idea to tell me to test this many one at a time...
 :tellme:


After re-launch a page popped up and said "Gratulations: You are the chosen one!" and gave me the option to answer 4 questions and then have a gift, which showed to be the chance to buy this&that for "before $120, right now $1". The link was for Firefox, but I was given the same offer when I visited the link via Internet Explorer and Chrome: http://consumernordi...cb8fd37c1fb31900064f > no virus, but seemingly fine offers you (most likely) should not take. The link goes to Denmark, are you being redirected elsewhere?

Modified:
I should of course point out that there have been no suspicious reactions whatsoever. Only the link to a "shop".

« Last Edit: June 16, 2015, 06:52 PM by Curt »

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: Scam/adware from Mozilla update; how do I find the culprit?
« Reply #1 on: June 16, 2015, 06:51 PM »

Well, it stays Danish for me.

But that's a pity, I didn't know this was a vector for addons! My guess is that when you install and maybe update addons, some of them like to send you to webpages "thank you for installing Ghostery!" or something.

Except maybe one of them had the page taken over so it sent you there. But I don't know which one!


Curt

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,566
    • View Profile
    • Donate to Member
Re: Scam/adware from Mozilla update; how do I find the culprit?
« Reply #2 on: June 16, 2015, 07:06 PM »
for a minute I thought I was being clever: In Firefox > Addons, I clicked "show the latest updates", and I saw that only one updated addon was not "signed"! Ha ha, this surely is The Sinner! I removed it and reinstalled a new copy - but nothing out of the ordinary happened. Hm...

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,958
    • View Profile
    • Donate to Member
Re: Scam/adware from Mozilla update; how do I find the culprit?
« Reply #3 on: June 17, 2015, 02:16 AM »
One way of testing is to disable half the addons, and see which gruop sets the thing off - continue in that manner to hopefully narrow it down to the culprit.
Tom

Curt

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,566
    • View Profile
    • Donate to Member
Re: Scam/adware from Mozilla update; how do I find the culprit?
« Reply #4 on: June 17, 2015, 11:22 AM »
I was quite upset when I wrote the initial post, so I didn't explain myself perfectly well. I know I never do, but, hey, most of the times you know what I mean.

Modified:
I should of course point out that there have been no suspicious reactions whatsoever. Only the link to a "shop".

The problem is really not my problem, but Mozilla's: An addon contained a link to a third-party site, nothing else has happened. But this is bad for Mozilla. So bad, that I ought to tell them. But I can't, because I don't know what addon it was - and I don't want to send them a list of fifty shades of extensions, and then just say, "one of them made me an offer, and nothing else happended".