MozillaZine

wips.com block site addon suddenly installed by itself?

User Help for Mozilla Firefox
moztly
 
Posts: 54
Joined: December 22nd, 2005, 4:01 am

Post Posted August 10th, 2013, 1:00 am

Just opened firefox today and suddenly it says I just installed a new addon called wips.com block site. I didn't do that. And it want's me to agree to some terms. What's going on with this? Is this a hijacker or something? Thanks

malliz
Folder@Home

User avatar
 
Posts: 43605
Joined: December 7th, 2002, 4:34 am
Location: Australia

Post Posted August 10th, 2013, 2:06 am

bludshot wrote: What's going on with this? Is this a hijacker or something?

Yes it is, have you installed any other extensions lately? Could have ridden along with something. Seeing as it is an addon you should be able to uninstall it from addons
What sort of man would put a known criminal in charge of a major branch of government? Apart from, say, the average voter.
"Terry Pratchett"

moztly
 
Posts: 54
Joined: December 22nd, 2005, 4:01 am

Post Posted August 10th, 2013, 2:25 am

No, I haven't installed any extensions in forever. It's this: https://addons.mozilla.org/en-us/firefo ... blocksite/

Apparently it has been transmitting data to that company for a year or something without my permission, ever since they took over the addon from the original author. And then only now with some FF update (I guess?) they put up the page asking for permission.

That's a big mozilla fail I think. Addons being bought by companies and then suddenly transmitting data with no permission and no notice from FF that anything has changed? ...

malliz
Folder@Home

User avatar
 
Posts: 43605
Joined: December 7th, 2002, 4:34 am
Location: Australia

Post Posted August 10th, 2013, 2:39 am

Maybe something you need to report to AMO
https://addons.mozilla.org/en-us/develo ... es/contact
What sort of man would put a known criminal in charge of a major branch of government? Apart from, say, the average voter.
"Terry Pratchett"

Mikemc31
New Member
 
Posts: 1
Joined: August 10th, 2013, 4:08 am

Post Posted August 10th, 2013, 4:11 am

This just happened to me today as well. Could be a timed payload or the add-on is so useless I didn't remember when I installed it.

moztly
 
Posts: 54
Joined: December 22nd, 2005, 4:01 am

Post Posted August 10th, 2013, 12:15 pm

I have just emailed them, thanks.

Malliz, do you think this addon has been transmitting ALL my browsing habits for the last year to this wips company?!

I never manually updated this addon. The original addon that I installed a couple years ago didn't have spyware. Is there a way that I can check to see when this addon was updated? I was just thinking "Phew, I never updated it till it magically updated on its own today, so I would have had the old non-spyware one for all this time and been fine", but then I thought, crap, what about those times when firefox updates, and it says it will search for updates for your plugins so they work with this new version of firefox. Perhaps one of those times it updated the plugin to the bad one.

Is there a way that I can see a history of firefox update/plugin updates? If I could know the times it got updated (if any), and the versions etc, then I would know if I had the spyware one for a year or not.

I trusted firefox, and I never thought of the idea of a plugin going rogue, because I've never heard of that happening till now.

I have now turned off automatic updates in firefox and set it to manual. This is usually a level of distrust I reserve for Microsoft, but since firefox is allowing addons to turn into spyware, automatic updates are a security risk imo.

patrickjdempsey

User avatar
 
Posts: 23734
Joined: October 23rd, 2008, 11:43 am
Location: Asheville NC

Post Posted August 10th, 2013, 1:28 pm

Firefox checks for extension updates DAILY. It has to, because there is no schedule for when an addon will be updated. The last version of this extension listed on AMO is from July 9th.

Mozilla has some pretty major security in place on their addons site. All extensions have to go through an automated and manual code review before being allowed. That being said, from time to time some sneaky things can get through.

It's also possible for OS-level software to install Firefox extensions. Personally, I have no idea why Mozilla continues to allow this for all users because IMO outside of a corporate network, there is absolutely no legitimate reason what-so-ever for an extension to be installed from the OS-level. Have you installed or updated any other software on your computer recently?

The fact that WIPS.com seems to specialize in building copies of other people's software, it does look suspicious to me. BlockSite is basically just doing what AdBlock Plus can do, just with the ad-blocking subscriptions stuff removed. You can create custom filters in AdBlock Plus like this:

||facebook.com^
||fbcdn.net^

This will not only block Facebook from loading, but any of Facebook's "network" stuff like off-site "Like" buttons and "FB Comment" boxes.
Tip of the day: If it has "toolbar" in the name, it's crap.
What my avatar is about: https://addons.mozilla.org/en-US/seamonkey/addon/sea-fox/

Anonymosity
 
Posts: 8547
Joined: May 7th, 2007, 12:07 pm

Post Posted August 10th, 2013, 2:30 pm

What does the caret after the hostname do? Is that a wildcard?

Anonymosity
 
Posts: 8547
Joined: May 7th, 2007, 12:07 pm

Post Posted August 10th, 2013, 3:59 pm

It would seem that Blocksite is now spyware. There is another extension that does much the same thing without the spyware.
https://addons.mozilla.org/en-US/firefo ... ockune-bl/

LoudNoise
New Member

User avatar
 
Posts: 40048
Joined: October 18th, 2007, 1:45 pm
Location: Next door to the west

Post Posted August 10th, 2013, 5:01 pm

If you go to the WIPS website you will see "Create your own extension in less than 2 minutes" Looks like another Conduit/BlueThunder problem.

Their extensions do not include a privacy policy which they should. This is worthy of a bug in bugzilla.

"NOTE: WIPS.COM'S EXTENSION SERVICE COLLECTS AND STORES INFORMATION ABOUT THE WEB PAGES YOU VIEW. IN SOME CASES, INFORMATION COLLECTED BY THE EXTENSION SERVICE MAY BE PERSONALLY IDENTIFIABLE, BUT PRIVACY IS IMPORTANT AT WIPS.COM, AND WE DO NOT ATTEMPT TO ANALYZE WEB USAGE DATA TO DETERMINE THE IDENTITY OF ANY WIPS.COM USER. ...
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."

patrickjdempsey

User avatar
 
Posts: 23734
Joined: October 23rd, 2008, 11:43 am
Location: Asheville NC

Post Posted August 10th, 2013, 8:35 pm

Yup, I think this is a conduit scam.

Anonymosity, the || in the beginning and ^ at the end are both "wildcards" and make it so ANY site with those anywhere in the url are blocked.
Tip of the day: If it has "toolbar" in the name, it's crap.
What my avatar is about: https://addons.mozilla.org/en-US/seamonkey/addon/sea-fox/

LoudNoise
New Member

User avatar
 
Posts: 40048
Joined: October 18th, 2007, 1:45 pm
Location: Next door to the west

Post Posted August 10th, 2013, 11:11 pm

You would think that AMO would be brighter then this by now. Emailed jorgev mainly because eight weeks of rationalization in bugzilla does not currently appeal to my sense of humor.
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."

LoudNoise
New Member

User avatar
 
Posts: 40048
Joined: October 18th, 2007, 1:45 pm
Location: Next door to the west

Post Posted August 10th, 2013, 11:40 pm

bludshot, have you gotten rid of it?
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."

Axel Grude

User avatar
 
Posts: 40
Joined: September 24th, 2009, 9:21 am

Post Posted August 11th, 2013, 3:11 am

Since nefarious stuff like phoning home is usually strictly opt -in, and you saw the site yesterday it looks to me as if one has 'slipped through the cracks'. It is likely that it only transmits the info since yesterday. We just need to find out which addon is the culprit can you post the list of extensions?

Arked
 
Posts: 4
Joined: August 11th, 2013, 10:31 am

Post Posted August 11th, 2013, 11:09 am

I hit this thread through Google after receiving the same message last night, the first time after opening a new session after midnight EST.

I found a new extension (BlockSite) in the Add-Ons manager, where I've only ever had two - NoScript (2.6.7) and AdBlock Plus (2.3.2) They're the only ones I use, and I'm pretty meticulous about what I put on this PC, so I can't figure out how it got on there. It certainly wasn't through the Add-ons interface and I'd never even heard of BlockSite before. I certainly don't want or need it.

Prior to uninstalling it, I checked through the options - the 'send reports' option was not active, and I never clicked on the splash page, so I'm assuming no one's browsing information was sent out yet unless it ignores that option.

I did find two entries already in the blacklist, though, one to the main domain of one site I visit regularly, the other (oddly) the URL to a specific article on another site I did visit the day prior. I cleared the list and removed the extension, but I'm having a few connectivity issues today. I can't be sure removing the extension was a factor, but no other computers on the network are experiencing them.

I've checked through my history and don't see any unfamiliar sites, I can account for every visit and none of them were for downloads or extensions. NoScript did push their update page (http://noscript.net/?ver=2.6.7&prev=2.6.6.9) at 12:51am on 09/08 so it must have updated earlier. No idea if that's relevant.

Hope that info helps, and if anyone has an insight on if those connection issues are related, it'd be appreciated. Thanks!

Return to Firefox Support


Who is online

Users browsing this forum: Bing [Bot] and 4 guests