Firefox Vietnamese Vulnerability

Hello, Folks!

Detected by many people and AVs (Mozilla also detected it): if you downloaded the Vietnamese pack add-on for Mozilla Firefox (I barely use Firefox so I’m not infected), you may be under malicious use. /!\ DON’T BE ALARMED /!\: this may be a weak or medium type vulnerability that will show some pop-ups (maybe a lot of pop-ups, depending on what sites you visit). I’m scanning now; for more information go to Mozilla’s blog article about this vulnerability. I will update this article later when I find out more. Read on to know more about the vulnerability:

Vulnerability in Firefox

The files which contain that malicious code are detected as W32/Xorer.T.

This instruction resolves to: http://js.k0102.com/01.asp (don’t worry, this URL is currently offline).

The question is: how can anybody be sure that their computer is malware free?

You can check it with any online AV scanner.

Reproducible: Always

Steps to Reproduce:
1. Go to http://addons.mozilla.org/firefox/addon/5954
2. Save the xpi file
3. Scan that file with Avast, Kaspersky or any antivirus you have; 2/3 will detect it.
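
To look inside the saved .xpi as well as scanning it with an AV, the sketch below lists every URL in the package that points at a host a language pack has no reason to reference. It is an added example, not code from the original post or from Mozilla; the allowlist, the function names and the in-memory sample XPI are assumptions made for illustration, and the sample is constructed around the URL quoted above.

```python
import io
import re
import zipfile
from urllib.parse import urlparse

URL_RE = re.compile(rb"https?://[^\s\"'<>)]+", re.I)
# Assumption: hosts a language pack may legitimately reference.
ALLOWED_SUFFIXES = ("mozilla.org", "mozilla.com", "w3.org")

def is_allowed(host):
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)

def scan_archive(data, prefix=""):
    """Return sorted (member path, url) pairs for URLs on non-allowed hosts."""
    hits = set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            body = zf.read(info)
            path = prefix + info.filename
            # Old-style extensions keep chrome files in a nested JAR (also a ZIP).
            if zipfile.is_zipfile(io.BytesIO(body)):
                hits |= set(scan_archive(body, path + "!/"))
                continue
            for m in URL_RE.finditer(body):
                url = m.group().decode("ascii", "replace")
                host = (urlparse(url).hostname or "").lower()
                if host and not is_allowed(host):
                    hits.add((path, url))
    return sorted(hits)

def build_sample_xpi():
    """Constructed sample: tiny XPI with a nested chrome JAR, one clean and one tampered file."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as z:
        z.writestr("locale/vi/browser/clean.dtd", '<!ENTITY help "http://www.mozilla.org/">')
        z.writestr("locale/vi/browser/tampered.xhtml",
                   '<html xmlns="http://www.w3.org/1999/xhtml">'
                   '<script src="http://js.k0102.com/01.asp"></script></html>')
    xpi = io.BytesIO()
    with zipfile.ZipFile(xpi, "w") as z:
        z.writestr("install.rdf", "<RDF/>")
        z.writestr("chrome/vi.jar", jar.getvalue())
    return xpi.getvalue()

if __name__ == "__main__":
    for path, url in scan_archive(build_sample_xpi()):
        print(path, "->", url)
```

For a real download, pass the bytes of the saved file to `scan_archive` instead of the constructed sample; a hit is a lead to review by hand, not a verdict.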

UPDATE: A full hex editor scan has been done by unixrange (we’re just partners). Watch the video at http://www.youtube.com/watch?v=jDMHp2HjpBQ

Scans performed by me:

THexT Edit

THexT Suspicious chrome code

HeX EdIt

ASM Edit

From what I’ve scanned, it makes a chrome directory and accesses it to use it as the vuln temporary folder, but I’m not really sure about it; some of the code confuses me!

So be aware, I showed you the danger…
