I've been infected by malware today http://www.virustotal.com/file-scan/report.html?id=6272bc38294005a43db2440ed0eede7ac27c8ed67c368accf9b87a5ab52a0b3e-1301630398 called XP Anti-Virus 2011. Avira skipped it - at the time just a few antiviruses detect it.

How I got it: FF4 on Windows XP SP3 running with admin rights (I know, stupid), ran this Google search http://www.google.co.uk/#sclient=psy&hl=en&q=elektor+download&aq=f&aqi=&aql=&oq=&pbx=1&fp=5f249b55c4d46e3 and went to this address http://ebookee.org/Elektor-Electronics-April-2011-UK-_1111405.html

At this stage nothing happens unless you click anywhere on the page, then a new window pops out http://ebookee.org/popular/ebookee.com.html

After a few seconds I got an alert from Windows security manager telling me my firewall is disabled, Firefox has been closed and I got an annoying shield with a fake virus scan. I went to safe mode and spent a good half hour before manually getting rid of this crap; it took every exe extension in order to run itself even in safe mode.

I've tried to run Firefox again in a sandbox but it seems not to trigger this infection again. There was no interaction from my side, just a new window popped up and that's it.

Can anyone recreate these steps in order to find a way how this bypassed Firefox? How can I help with the investigation? I've got a sample of the trojan but don't think this would explain a possible security breach in Firefox.

Regards
Sam
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security