This thread was archived. Please ask a new question if you need help.
What is the proper procedure for reporting malicious links in Firefox Send?
I tried to post this question in the correct forum, but there is no option to choose Firefox Send as a product when asking a question. The Firefox Send forum at https://support.mozilla.org/en-US/questions/firefox-send appears to be empty and I didn't see a way to post there directly.
An email account at my school district was recently compromised and had sent out 122 malicious phishing links via Firefox Send before we stopped it and took control of the account back. I have the list of malicious Firefox Send links and I'd like to share them with the proper people at Mozilla so something can be done.
The files are all password-protected archives (I know the passwords) that contain malicious VBS files which have their code heavily obfuscated. I haven't yet tried to figure out what the VB scripts do - I was hoping a cyber security professional would be willing to take a look.
Someone please contact me so I can at least try to get the files taken down.
If I were to make a feature request for Firefox Send, it would be to add a button to report a file as malicious.
All Replies (4)
You may have seen a post or received a notification regarding support for Firefox or Thunderbird with a link to another site or a phone number being posted. This is a scam and is not a method to receive support from Mozilla. Mozilla does not have telephone or email support. Please do not click on the link and do not interact by calling any phone numbers or email addresses listed. I apologize for any inconvenience caused. You are currently posting on the official Mozilla website and will receive assistance here.
I have not been contacted regarding this matter.
We are still having occasional break-ins where the attacker(s) continues to leverage Firefox Send to spread malware. We think they are using a tool called SMTPer to automate sending out the malware links. The attackers appear to be using a VPN connection to launch their attacks, so tracking them down by email sign-ins seems very unlikely.
The malicious VB scripts in the archives hosted on Firefox Send have been identified as a dropper classification of Trojan by our antivirus.
Since there have been no replies suggesting that any action is being taken by Mozilla, I have been advised to escalate this on my side and get the state of Kentucky's Educational Technology Support (their security division) involved.
I've found a method that might allow me to de-obfuscate the malicious scripts, but I'd rather an experienced security professional tackle that.
Due to Support Forum new policy links are not allowed in answers. So, Check your answer in the picture attached with it.
Brian G said
I tried to post this question in the correct forum, but there is no option to choose Firefox Send as a product when asking a question.
Hello Brian G,
I asked about this on the contributor forums, and the reply I got from a SUMO
Manager is :
" As far as I know, we don't have AAQ flow dedicated for Firefox Send right now.
I would suggest recommend the OP to file the question under Firefox instead. "
So, you posted in the right place !