Viral Addon Installed without permission?

  • 1 reply
  • 1 has this problem
  • 1 view
  • Last reply by Toad-Hall


Platform: Windows 7 Up to date
Email: Thunderbird 31.6
Virus Tool: McAfee up to date
Payload: It may have been dormant for two weeks: A client received a virus in the form of soo attached Report.zip which contained a virus. The virus disabled an up-to-date McAfee Anti Spam addon and installed an addon called ???Client_1. This then read the collected addresses and built emails to propagate, adding the emails in sent items. The add-on likely had built-in error detection in that it attempted to send 96 emails as bcc which errored on send and it changed to 95 (also failed with invalid email). It then tried 22 and succeeded. It was detected at this point after the user noticed the errors.

The payload was not detected by McAfee or AVG but as an exe in a zip clearly contains email DLLs from Microsoft.

Remedial Steps:

  • Take Thunderbird off line.
  • Examine addons.
  • Remove weird Add-On and disable McAfee anti spam (as it did nothing)
  • Export Address book.
  • Delete Addresses.
  • Restart Thunderbird
  • Turn on-line.
  • Check network bytes.
  • Fix emails
  • Apologise on resend (without virus)
  • Tell you guys and AVG/McAfee

You should NOT be able to have an add-on without permission. Updates great but initial NO.

Good luck and keep up the great work. I have the file if you want to add it to a vm to see the addon (sorry I did not keep it).

Cheers. Arvid.
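The "Examine addons" step above can also be done against the profile's add-on database rather than the Add-ons Manager window. The following is an added example, not part of the original post: it assumes the profile records add-ons in `extensions.json` with the fields `foreignInstall`, `location`, `userDisabled` and `installDate`, and the sample records and add-on IDs are constructed.

```python
import json

# Assumption: "app-profile" marks an add-on installed into the profile from
# inside the application; other locations (e.g. the Windows registry) mean
# another program registered it.
PROFILE_LOCATIONS = {"app-profile"}

# Constructed sample in the assumed shape of extensions.json (not incident data).
SAMPLE = json.dumps({"addons": [
    {"id": "calendar@example.invalid", "defaultLocale": {"name": "Calendar"},
     "type": "extension", "active": True, "userDisabled": False,
     "foreignInstall": False, "location": "app-profile",
     "installDate": 1420070400000},
    {"id": "unknown-client@example.invalid", "defaultLocale": {"name": "Unknown Client"},
     "type": "extension", "active": True, "userDisabled": False,
     "foreignInstall": True, "location": "winreg-app-user",
     "installDate": 1428000000000},
    {"id": "antispam@example.invalid", "defaultLocale": {"name": "Anti-Spam Sample"},
     "type": "extension", "active": False, "userDisabled": True,
     "foreignInstall": False, "location": "app-profile",
     "installDate": 1400000000000},
]})

def audit_addons(extensions_json_text, since_ms=None):
    """Return (id, name, reasons) for every add-on that needs a manual look.

    since_ms: optional start of the incident window, in milliseconds since the
    epoch (the unit assumed for installDate).
    """
    findings = []
    for addon in json.loads(extensions_json_text).get("addons", []):
        reasons = []
        if addon.get("foreignInstall"):
            reasons.append("installed by another program")
        if addon.get("location") not in PROFILE_LOCATIONS:
            reasons.append("location=%s" % addon.get("location"))
        if since_ms is not None and addon.get("installDate", 0) >= since_ms:
            reasons.append("installed inside the incident window")
        # The post reports a security add-on being switched off by the malware.
        if addon.get("type") == "extension" and addon.get("userDisabled"):
            reasons.append("disabled; confirm the user did this")
        if reasons:
            name = (addon.get("defaultLocale") or {}).get("name", "?")
            findings.append((addon.get("id"), name, reasons))
    return findings

if __name__ == "__main__":
    for addon_id, name, reasons in audit_addons(SAMPLE, since_ms=1427000000000):
        print(addon_id, "|", name, "|", "; ".join(reasons))
```

To use it on a real profile, pass the contents of that profile's `extensions.json` in place of `SAMPLE`, with Thunderbird closed or offline so the file is not being rewritten.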


All Replies (1)


Many thanks for posting info on this virus.

As with any attachment, you should not open and run attachments that do not come from a trusted source.

In this instance, the person must have saved, opened, unzipped and run the exe file in that attachment without checking it out. Even if the email address seemed familiar, did the alleged sender really send it or did the real sender abuse another person's email address?

Usually, you would get a pop up asking permission to run a program, but that depends on computer settings, running as administrator etc.

UAC info which may be of assistance regarding permission for programs to run: http://www.7tutorials.com/uac-why-you-should-never-turn-it-off