
  • ExTS Admin
Posted

Two PUPs (Potentially Unwanted Programs) are secretly turning off Safe Browsing support in Firefox to make sure they can deliver unsolicited ads and even malware if their creators ever wish to do so.

 

The two PUPs are Shell&Services and Mintcast 3.0.1. These are browser add-ons for Firefox, Chrome, and IE, and are generally installed without the user's consent, packaged with other software.

 

These two come with a newer variant of the Mintcast adware, which, besides injecting ads inside the user's browser while navigating legitimate websites, also secretly turns off Safe Browsing support in Firefox.

 

Safe Browsing is a service created and managed by Google, also implemented in Safari and Firefox. Safe Browsing is nothing more than a blacklist of website URLs from where malware infections originated in the past. The list is constantly updated by both Google and Mozilla engineers, and works in real time, keeping users safe as they navigate the Web.

 

Abusing the user.js settings file for browser reboot persistence

 

Because Firefox allows users to create a user.js file where they can store various browser settings in the form of lines of code, the Mintcast adware is abusing this feature.

 

If no user.js file is found in the "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default" folder, the adware will create one that holds only three lines of code:

 

user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("browser.safebrowsing.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);

 

These settings will tell the Firefox browser to stop checking the Safe Browsing blacklist while browsing the Web or when downloading files. If turned off, it will allow the adware to redirect the user to malicious pages without having the browser show any errors or warnings to the user.

 

Since the user.js file is executed right when the browser starts, even if the user re-enables these settings via their browser's settings section, they'll always remain active unless the user removes the user.js file from the aforementioned folder.

 

MalwareBytes reports that, in the past, other adware like Yontoo/BrowseFox and Constant Fun employed the same technique.

 

http://exts.org/data/MetaMirrorCache/d111959473739252f8a7fedad0294d40.jpg

 

Setting affected by the Mintcast Adware

 

 

Source:

http://news.softpedia.com/news/adware-sneakily-turns-off-firefox-safe-browsing-498105.shtml

Member of:

UNITE
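
An added example, not part of the original post or the source article: a Python check that scans Firefox profile folders for a user.js whose final value for any of the three prefs quoted above is false. The function names and the two sample profiles are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# The three prefs the post says the adware writes to user.js.
WATCHED = {
    "browser.safebrowsing.downloads.enabled",
    "browser.safebrowsing.enabled",
    "browser.safebrowsing.malware.enabled",
}
# Matches user_pref("name", value); only at the start of a line, so // lines are skipped.
PREF_RE = re.compile(
    r"""^\s*user_pref\(\s*["']([^"']+)["']\s*,\s*([^)]+?)\s*\)\s*;""", re.M)

def disabled_safebrowsing_prefs(user_js_text):
    """Return the watched prefs whose final value in user.js is false."""
    text = re.sub(r"/\*.*?\*/", "", user_js_text, flags=re.S)  # drop block comments
    final = {}
    for name, value in PREF_RE.findall(text):
        final[name] = value.strip().lower()  # a later line overrides an earlier one
    return sorted(n for n, v in final.items() if n in WATCHED and v == "false")

def scan_profiles(profiles_dir):
    """Map each profile's user.js path to the Safe Browsing prefs it turns off."""
    findings = {}
    for user_js in Path(profiles_dir).glob("*/user.js"):
        hits = disabled_safebrowsing_prefs(user_js.read_text(encoding="utf-8", errors="replace"))
        if hits:
            findings[str(user_js)] = hits
    return findings

def demo():
    """Run the scan over two constructed profiles (sample data, not real profiles)."""
    with tempfile.TemporaryDirectory() as root:
        bad = Path(root, "abcd1234.default")
        bad.mkdir()
        bad.joinpath("user.js").write_text(
            'user_pref("browser.safebrowsing.downloads.enabled", false);\n'
            'user_pref("browser.safebrowsing.enabled", false);\n'
            'user_pref("browser.safebrowsing.malware.enabled", false);\n')
        ok = Path(root, "efgh5678.default")
        ok.mkdir()
        ok.joinpath("user.js").write_text(
            '// user_pref("browser.safebrowsing.enabled", false);\n'
            'user_pref("browser.startup.page", 3);\n')
        return {Path(p).parent.name: h for p, h in scan_profiles(root).items()}

if __name__ == "__main__":
    print(demo())
```

To check a real machine, pass the Profiles folder from the path quoted in the post to scan_profiles; any path it returns is a user.js to inspect and, if unexpected, remove.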


Posted

Thanks for the info SK

Bob

Bob

(bob12a)

My 3D pictures need red cyan glasses to view

medion MD8855,Win 7 IE8, Firefox/3, Avast,MS security essentials, NERO 9,malware bytes.Mailwasher pro ,6.54,Roboform,spybot S&D 1.6, Canon ixus 860 X 2,PS CS5
