Adware uses the user.js file to disable Firefox's Safe Browsing feature

Source: Internet
Author: User


Recently, security experts found two PUPs (Potentially Unwanted Programs) with which attackers can secretly disable Firefox's Safe Browsing feature and automatically display spam ads in the browser.

Discovery of the adware

The two PUPs are Shell & Services and Mintcast 3.0.1.

Analysis shows that Shell & Services and Mintcast 3.0.1 are both Mintcast variants. They are generally bundled with other software and installed as browser plug-ins, and this installation can be carried out without user approval. Tracking of their behavior shows that they can silently disable Firefox's Safe Browsing feature. Then, when the user browses legitimate websites, spam ads are injected into the browser or the user is redirected to malicious web pages.

Safe Browsing

Safe Browsing is a service first developed by Google that is also used in Safari and Firefox. It includes a blacklist of website URLs drawn from previously discovered malware redirection websites. It is reported that the blacklist is currently updated by Google and Mozilla engineers in real time to keep users safe while they browse.

Changing the user.js file to disable Firefox's Safe Browsing feature

Firefox allows users to create a user.js file that stores various browser settings. The Mintcast adware uses this feature to tamper with user.js and ultimately disable Safe Browsing. The adware proceeds as follows.

1. If no user.js file is found in the C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default folder, the adware creates one. It only needs to write three lines of code, as shown below:

    user_pref("browser.safebrowsing.downloads.enabled", false);
    user_pref("browser.safebrowsing.enabled", false);
    user_pref("browser.safebrowsing.malware.enabled", false);

2. When the preceding user.js code is executed, it tells Firefox to stop checking against the URLs in the blacklist when the user browses web pages or downloads files, which disables Safe Browsing. Once Safe Browsing is disabled, the adware redirects the page being browsed to a malicious page, and the browser no longer raises warnings for malicious web pages.

The user.js file is also executed whenever the browser is started. Even if the user notices the situation, re-enabling Safe Browsing through the browser's settings is ineffective unless the user.js file is removed from the directory mentioned above.
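A defender can check for this tampering by looking in each Firefox profile for a user.js that sets a browser.safebrowsing.* preference to false. The script below is an added example, not code from the original article: the function names are assumptions, and the sample file content is constructed from the three lines shown above.

```python
import re
import sys
from pathlib import Path

# Matches user_pref("name", value); lines as they appear in a user.js file.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.MULTILINE)
PREFIX = "browser.safebrowsing."


def disabled_safebrowsing_prefs(text):
    """Return the sorted Safe Browsing pref names whose final value in text is false."""
    # Drop /* ... */ comments; the ^ anchor in PREF_RE already skips // lines.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)
    final = {}
    for name, value in PREF_RE.findall(text):
        if name.startswith(PREFIX):
            final[name] = value.strip().lower()  # a later line overrides an earlier one
    return sorted(n for n, v in final.items() if v == "false")


def scan_profiles(profiles_dir):
    """Map each user.js under a Firefox Profiles directory to the prefs it disables."""
    findings = {}
    for user_js in Path(profiles_dir).glob("*/user.js"):
        hits = disabled_safebrowsing_prefs(user_js.read_text(errors="replace"))
        if hits:
            findings[str(user_js)] = hits
    return findings


# Constructed sample: the three lines from the article plus one unrelated setting.
SAMPLE_USER_JS = '''\
// constructed sample user.js
user_pref("browser.startup.homepage", "about:blank");
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("browser.safebrowsing.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);
'''

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Argument: the Profiles directory, e.g. the AppData path given in step 1.
        for path, prefs in scan_profiles(sys.argv[1]).items():
            print(f"{path}: {', '.join(prefs)}")
    else:
        print(disabled_safebrowsing_prefs(SAMPLE_USER_JS))
```

Any profile the scan reports should have its user.js reviewed and, if the file was not created by the user, removed, since that is the only way the setting stays re-enabled.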

Conclusion

According to research by Malwarebytes, this technique for disabling Safe Browsing is being used by more and more malicious software, and users should take precautions against it.
