The following STR would consistently download the "malware" (but it's not happening anymore?):
(Links in code tags and sanitised in case something actually malicious is/was going on here.)
1) Go to
https www youtube.com/watch?v=UOkremCZO6w
https bugzilla.mozilla. org/show_bug.cgi?id=1019021
4) Open a new tab, and do a Startpage search (from the browser searchplugin) for
host:youtube.com Mango - Here We Go (Original Mix)
That's when I got the alert. No HTTP requests were sent to unexpected domains.
My system came out clean in full scans by both Symantec and ClamXav, so I think it's safe to say I didn't actually get infected, but I do have a couple of questions:
1) Is SeaMonkey 2.27a2 (the latest available of that version) on OS X vulnerable to that exploit at all? (I think no, but not quite 100% sure...)
2) Could it be that there is actually no malware or exploit coming from those websites at all, but just that the cached GIF image wasn't quite "correctly" written to disk due to high CPU usage (initiated by me) at the time I was able to reproduce it?
(Unfortunately, I don't have a copy of the file anymore, nor do I have any way that I know of to preserve it for analysis should I manage to reproduce this again.)