This thread was archived. Please ask a new question if you need help.
How can a website attempt an intrusion when firefox is loaded and that website is not on an open tab?
When Firefox was reopened after a reboot, Norton detected an intrusion attempt from a fake website. What's strange is two things: 1. The website was last accessed erroneously (misspelled it when entering it on address bar) three weeks prior. 2. The fake website was not being opened by any of the tabs reopened when Firefox loaded! Note that the reboot and reloading of Firefox mentioned above happened after another Norton warning that it detected a large amount of outbound network traffic. That warning occurred while I was cleaning up my long browsing history in order to reduce memory usage by Firefox. As a result of the warning, I ran several scans using Norton's Power Eraser, none of which resulted in any related security issues detected.
So, short of the offending website having hijacked a legitimate Add-on already installed when the site was first accessed, which I'm finding hard to believe, I cannot understand how that website could attempt to do anything if none of the tabs being opened from the previous session are pointing to it! Or can it, and could it have been running in the background all this time, stealing keystrokes and/or data from my computer - all from one quick linking to it, without any further access therein????? Is there a way to see what commands Firefox is executing at start-up and during a session?
All Replies (3)
Hi, Separate Security Issue, please remove and update Flash 26.0 r0 Flash Player Version: 126.96.36.199 Current Version https://get.adobe.com/flashplayer/otherversions/ Step 1: Select Operating System Step 2: Select A Version (Firefox, . . . .) Note: Other software is offered in the download. <Windows Only>
Yes is entirely possible in a lot of things you mention. When you went to the website it dropped a cookie, if that was not deleted every time you opened Firefox it spoke to what ever site is told to. That is also true of the cache and temp files. As a Norton beta tester and long time user Norton does not catch everything. Yes the reboot helped it find it or it's blacklist was updated or white list was down graded for looking at what ever.
Java script on a page and on some sites start mining Bitcoin or one of the others. Some sites tell you since you run with adblockers we are going to mine if you want to use the site.
So basically anything can happen and it is good to run a real time Anti-Malware program as well as your A/V & Firewall. Do not know if you have the Norton Extension installed : Norton Safe Web or not : https://addons.mozilla.org/en-US/firefox/addon/norton-safe-web/
So is called best practices : 1 of which you did is cleanup files in Firefox. Use Windows Disk Cleanup Weekly, Use a schedule for Norton to scan on day/time. Check C:\Users out. If not sure of something like a file that Norton has already checked or a website send the file or scan the URL from Virustotal.com Get rid of Tracking cookies with SuperAntiSpyware and does other stuff also. Suggest malware scans just to make sure :
I own 2 myself, Malwarebytes and RogueKiller and use what's on the list also. If feel something is wrong can always go to :
and let the Pros help or to go to : https://community.norton.com/forums
Please let us know if this solved your issue or if need further assistance.
Modified by Shadow110
Thanks for your reply and your advice. My apologies for the late response, but I was away. It was definitely an eye opener to learn that FF would activate/launch a cookie's code upon the application loading, even if that cookie's originating page was not being loaded! I can't imagine how that ability can be anything other than a security loophole, bu then again I'm not a web developer so there might be legitimate uses for such. Still, that seems like an area that needs more controls!
I tried to speak with Norton regarding this issue....just to get a better handle on what the specific intrusion was known to do and what the 'large outbound traffic' warning could mean in practice. However, my chat with their 2nd tier support seemed to have gone right over their head (all I got were very genetic answers), and their "engineering" group, which was supposed to call me to address my questions, called me once but missed me and they never called back.
Even though, after 20 yrs of serious web surfing, this is the first incident that I can recall of my PC being affected by a threat (that Norton detected, I should add!), I will, nonetheless, look into the malware software you suggested. It looks like it may be time for more security and/or possibly switching to something like PCMatic antivirus, which uses a different paradigm to protect.
Incidentally, thanks for the head up on the out-of-date Flash software! That was the version that Mozilla installed after resetting FF!!! Also, what did you mean by "Java script on a page and on some sites start mining Bitcoin or one of the others"? Could you elaborate on that?