[fosterr]

Today I went to animewallpapers.com and got this popup which tried to install
what has to be the first web page hijacker made for mozilla based browsers.
I do not know if this is the first ever spyware for mozilla browers but it is the first
time I have have seen any. It is also a virus.



When I visited the url that is there it takes you too a License Agreement,
when you read it it confirms that it is a web page hijacker.

http://www.blazefind.com/license.html

[old Neil Parks]

Defense:

http://accs-net.com/hosts/

"blazefind.com" is one of the hosts blocked by this excellent file.

[John Liebson]

Hardly the first; see, for example, http://forums.mozillazine.org/viewtopic.php?t=66531

[shadytrees]

There seems to have been a surge of the first batch of spyware XPIs this month. There's around five or six of these circulating now.

[TheOneKEA]

Bug 238684 is on its way to being RESOLVED FIXED, which will prevent this from happening in Firefox 0.9.

[c0Ld]

hopefully .9 will resolve this

[Xe]

I have also seen this on a couple of other sites...

[BenBasson]

The install trigger can no longer be opened by an onload event, the code was just checked in. See Bug 238684 for details.

[[ Apocalipsis ]]

just gessing....is there any aprox date to 0.9 be released??

[soccer_dude182]

So, there won't ever be any popups like these when .9 rolls around?

[Thesh]

So, there won't ever be any popups like these when .9 rolls around?

Not done the same way you saw there. Most likely they will just start putting these in onClick events in regular links...

[soccer_dude182]

Does that mean we'll see them less often? ... I guess what I'm asking is.. what difference will it make from changing the onload event if they'll just change the way the spyware comes up?

[jason2584]

If they don't allow the XPInstaller to be called onLoad, and only onClick, then you won't see these installation prompts ("popups") unless you click on something. That solves the problem, unless of course the site author puts a call to XPInstall in a link's OnClick event and calls the link something misleading. That's similar to sites that have links that execute an ActiveX module (in IE) or initiate a file download that you weren't expecting. The *bad*ware won't go away, but at least the installation prompt will only come up if you click on something, instead of just popping up when the page loads. Not much more you can do, really. Educate the masses...teach them to read message boxes before automatically clicking "Yes" or "OK".

[d_g]

I've always noticed that XPI install windows have 'unsigned' in them. Presumebly this hints that there might be some kind of signing method for approved extensions. Anyone know any more about this?

[d_g]

Lots more here

http://forums.mozillazine.org/viewtopic.php?p=448910