« Phishing Games
Fenomen Game Downloader!? »

Firefox Vietnamese Vulnerability

Hello, Folks!

Detected by many pplz and AVs (also Mozilla company detected), you may be under malicious use… If you downloaded vietnamese pack add-on for Mozilla Firefox (I barely use Firefox so I’m not infected), you may be under malicious use /!DONT BE ALARMED!\, this may be a weak or medium type vulnerability that will show up some pop-ups (Maybe so much popups depending of wat sites you visit). I’m scanning now, for more information go to Mozilla’s Blog Article about this vulnerability. I will update this article l8r when I found out more, Read the next to know more about the vulnerability:

Vulnerability in Firefox

The files which contain that malicious code are detected as W32/Xorer.T.

This instruction resolves to: http://js.k0102.com/01.asp , don’t worry because this URL is currently offline.

The question is: how can anybody be sure that their computer is malware free?

You can check it in any AV online scanner.

Reproducible: Always

Steps to Reproduce:
1. Go to http://addons.mozilla.org/firefox/addon/5954
2. Save the xpi file
3. Scan that file with Avast, Kaspersky or any antivirus you have, 2/3 will
detect it.

UPDATE: A totally Hex Editor Scan Has been doing by unixrange (we’re just partners) Watch video on http://www.youtube.com/watch?v=jDMHp2HjpBQ

Scans performed by me:

THexT Edit

THexT Suspicious chrome code

HeX EdIt

ASM Edit

What i’ve scanned, it says it makes a chrome dirctory and acess it to make it as the vuln temporary folder, but I’m not really sure about it, some codes make me confused!

So be aware, I Showed You the danger…

This entry was posted on May 11, 2008 at 2:47 pm and is filed under Information, Virus info with tags , , , , , , , . You can follow any responses to this entry through the RSS 2.0 feed You can leave a response, or trackback from your own site.

Leave a Reply