Avast WEBforum
Other => Viruses and worms => Topic started by: polonus on June 19, 2015, 09:21:02 AM
-
Malware script detector detected Firefox Malware Exploiter via chrome protocol on htxps://accounts.google.com/ServiceLogin?service=devconsole&passive=1209600&continue=https%3A%2F%2Fcode.google.com%2Fapis%2Fconsole%2F&followup=https%3A%2F%2Fcode.google.com%2Fapis%2Fconsole%2F
Script is blocked, but where does this threat stem from? Anyone?
This was detected in Google Chrome Sandbox Version, see: http://userscripts-mirror.org/scripts/review/30284
Is this abused for DNS rebinding attacks when a default password is used?
An extension that is suspect as an AVG attack tool may be Crunch.
Is it this install where it comes from?
polonus
-
Attack is long existing, read: https://blog.mozilla.org/security/2008/01/22/chrome-protocol-directory-traversal/
polonus
-
With these blocked no alert: Blocked:
ssl.gstatic.com - Whitelist
htxps://ssl.gstatic.com/chrome/components/doodle-notifier-02.html
www.gstatic.com - Whitelist
htxps://www.gstatic.com/og/_/js/k=og.og.en_US.-QToZkIwAFc.O/rt=j/t=zcms/m=ld,sy57,d,sy72,gl,is,id,nb,nw,sb,sd,st,awd,sy64,p,vd,lod,eld,ip,dp,cpd/rs=AItRSTMkxB8bzdEYwDq2Se-yBGk9BxSa9A
polonus