SPYWARE BUNDLE!


Postby stavstav » Sat Dec 19, 2009 7:42 pm

so i downloaded the new noscript plugin.. thru the browser firefox. and guess what... it comes packaged with a free spyware! SPY FIGHTER TOOL installed against my will. you dirty assholes
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
stavstav
 

Re: SPYWARE BUNDLE!

Postby Giorgio Maone » Sat Dec 19, 2009 8:02 pm

Uh? Where did you download it from?
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 (.NET CLR 3.5.30729)
Giorgio Maone
Site Admin
 
Posts: 7322
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: SPYWARE BUNDLE!

Postby computerfreaker » Sat Dec 19, 2009 11:09 pm

wait wait wait wait wait...
I just downloaded NoScript, too. It came with a total of 0 3rd-party anything...
I'm guessing you got tricked by some scumbag who took advantage of NoScript's high reputation to pawn his trash apps. Where did you get this "NoScript" from?

Disclaimer: I'm not affiliated with NoScript or Mr. Maone at all; I'm just a happy user. :)
With great power comes great responsibility.
Learn something new every day, and the rest will take care of itself.
Life is a journey, not a destination. Enjoy the trip!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6
computerfreaker
Senior Member
 
Posts: 220
Joined: Wed Sep 16, 2009 10:03 pm
Location: USA

Re: SPYWARE BUNDLE!

Postby stavstav » Mon Dec 21, 2009 5:09 pm

I downloaded it thru firefox plugins updater!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
stavstav
 

Re: SPYWARE BUNDLE!

Postby stavstav » Mon Dec 21, 2009 5:16 pm

first it installed noscript then it installed "spy fighter tool".. 64966074.exe in c:documents and settings\ somewhere.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
stavstav
 

Re: SPYWARE BUNDLE!

Postby Giorgio Maone » Mon Dec 21, 2009 5:55 pm

stavstav wrote: I downloaded it thru firefox plugins updater!

This is impossible, since Firefox's plugins updater uses AMO as its source and add-ons containing executables raise a warning flag in the editor review process. (On a side note, I upload all the versions there and I know there's no executable inside).

stavstav wrote: first it installed noscript then it installed "spy fighter tool".. 64966074.exe in c:documents and settings\ somewhere.

What's "it"? Firefox's plugin updater or NoScript? Either way, how can you say exactly what it was (did you see any message/window/whatever)?
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 (.NET CLR 3.5.30729)
Giorgio Maone
Site Admin
 
Posts: 7322
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
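
Added example (not part of the thread, and not AMO's actual review tooling): one way to check the claim in the reply above, that an add-on package contains no executable, by walking an XPI and its nested `.jar` archives and flagging entries with a native-executable signature or extension. The function names and the constructed sample package are assumptions made for illustration.

```python
import io
import zipfile

# Leading bytes of common native executable formats.
MAGIC = {b"MZ": "PE (Windows)", b"\x7fELF": "ELF", b"\xcf\xfa\xed\xfe": "Mach-O"}
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".msi", ".so", ".dylib")
ARCHIVE_EXT = (".jar", ".xpi", ".zip")
MAX_NESTED, MAX_DEPTH = 50 * 1024 * 1024, 3  # size and nesting limits

def classify(name, head):
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    if name.lower().endswith(EXEC_EXT):
        return "executable file extension"
    return None

def find_executables(archive_bytes, prefix="", depth=0):
    """Walk an XPI (zip) and its nested archives; return [(path, reason)]."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            path = prefix + info.filename
            with zf.open(info) as fh:
                head = fh.read(4)
            reason = classify(info.filename, head)
            if reason:
                hits.append((path, reason))
            elif info.filename.lower().endswith(ARCHIVE_EXT):
                if depth >= MAX_DEPTH or info.file_size > MAX_NESTED:
                    hits.append((path, "nested archive not inspected"))
                    continue
                try:
                    hits += find_executables(zf.read(info), path + "!/", depth + 1)
                except zipfile.BadZipFile:
                    hits.append((path, "unreadable nested archive"))
    return hits

def build_sample(with_payload):
    """Constructed XPI for the demo: install.rdf plus chrome/sample.jar."""
    jar, xpi = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(jar, "w") as z:
        z.writestr("content/overlay.js", "// script only\n")
        if with_payload:  # stub with a PE header signature, not a real program
            z.writestr("content/helper.dat", b"MZ\x90\x00" + b"\x00" * 60)
    with zipfile.ZipFile(xpi, "w") as z:
        z.writestr("install.rdf", "<RDF/>")
        z.writestr("chrome/sample.jar", jar.getvalue())
    return xpi.getvalue()
```

A signature match on a renamed file (here `helper.dat`) is the case an extension-only check misses; a hit means "review this entry", since a data file can also begin with the bytes `MZ`.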

Re: SPYWARE BUNDLE!

Postby stavstav » Mon Dec 21, 2009 7:53 pm

i had no other progs open only firefox and the plugin updater came up, so i updated, immediately after installing plugin, then it starts trying to download more spyware with a fake "windows update" dialog

well maybe it was another plugin download it could be but i thought it was this one
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
stavstav
 

Re: SPYWARE BUNDLE!

Postby stavstav » Mon Dec 21, 2009 7:56 pm

the way i could tell is it went to the noscript page after installing update, then the malware executed right after that
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
stavstav
 

Re: SPYWARE BUNDLE!

Postby therube » Mon Dec 21, 2009 9:33 pm

Now that could be a possibility if the NoScript site or an ad within were compromised?
But even if it were an ad, you would still expect NoScript to afford you protection, as the ad would be hosted at a different domain. And that domain would not be Allowed by default.

After the restart, you would (normally) also open your Home Page, & any other windows/tabs (sites) that you had opened before the update, so the possibility exists that any malware could have come from one of those pages too.

Or the malware could have gotten onto your computer by means outside of Mozilla, & was only waiting for the appropriate time to present itself, which would have been on a browser restart. Just so happened that it was a NoScript update that prompted the restart, & so just so happened that is when you saw the malware.

PS: FF 3.5.6 is out, closing a few (four I believe) security vulnerabilities. You should update. (Likewise, you want to be sure that your "plugins" (Flash, Acrobat, Java, ...) are all up to date too.)

Do you still have this "64966074.exe" file? Not that I don't doubt it is malware, but upload it to Virustotal & provide the returned link here.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091206 SeaMonkey/2.0.1
therube
Ambassador
 
Posts: 4899
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: SPYWARE BUNDLE!

Postby Giorgio Maone » Mon Dec 21, 2009 9:42 pm

therube wrote: Now that could be a possibility if the NoScript site or an ad within were compromised?
But even if it were an ad, you would still expect NoScript to afford you protection, as the ad would be hosted at a different domain. And that domain would not be Allowed by default.

Notice that a malicious ad or a site compromise (both of which I can exclude, since the only embedded ads I've got are Adsense and those can't do any damage unless you click them, provided that a landing page is infected and whitelisted) wouldn't anyway install a "Free Spy Fighter Tool": that sounds like scareware, which by definition gets installed by tricking the user into voluntarily downloading it. Otherwise there would be no point in using a "legitimate" disguise.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 (.NET CLR 3.5.30729)
Giorgio Maone
Site Admin
 
Posts: 7322
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: SPYWARE BUNDLE!

Postby therube » Mon Dec 21, 2009 9:45 pm

(Notice that ... I was probably updating my above response four or five times while you were posting ... so if you didn't reread ;-).)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091206 SeaMonkey/2.0.1
therube
Ambassador
 
Posts: 4899
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: SPYWARE BUNDLE!

Postby computerfreaker » Tue Dec 22, 2009 12:32 am

stavstav wrote: the way i could tell is it went to the noscript page after installing update, then the malware executed right after that

Sounds like an ugly coincidence to me. (Unless some moron's trying to smear NoScript...)
Try going back to the NoScript page and see if anything unusual happens. If not, the popup was a coincidence. If something unusual happens, post here.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6
computerfreaker
Senior Member
 
Posts: 220
Joined: Wed Sep 16, 2009 10:03 pm
Location: USA

Re: SPYWARE BUNDLE!

Postby stavstav » Thu Dec 24, 2009 4:44 pm

well i think it came down with the firefox software update maybe an old url or something. it wouldn't be able to install from the web page like that

does the noscript guy have a bunch of hacker enemies maybe
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6
stavstav
 

Re: SPYWARE BUNDLE!

Postby Guest » Thu Dec 24, 2009 4:53 pm

nothing happens at noscript page i went there a bunch of times.

it was not a popup it was a malware program running
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6
Guest
 

Re: SPYWARE BUNDLE!

Postby stavstav » Thu Dec 24, 2009 4:57 pm

i also wasn't tricked into downloading anything, except the noscript plugin of course which executed a virus as well
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6
stavstav
 
