
Support Forum

I found an exploit (Media player related, keyword: HTMLView) that infected my computer, where is the best place to write about it

Posted

My computer was infected using HTMLView exploit described 3 years ago ( http://news.techworld.com/security/10126/windows-media-player-can-hack-your-browser/ ). I'm something should be done in order for FF to disable ASX opening in Windows Media Player


This happened

Just once or twice

I visited a malware site looking like an ordinary one (onlyumpc.com)


Additional System Details

Installed Plug-ins

  • -Default Plug-in
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Foxit Reader Plug-In For Firefox and Netscape
  • Adobe PDF Plug-In For Firefox and Netscape
  • 1.9.0009.1
  • Google Update
  • Shockwave Flash 10.0 r32
  • Next Generation Java Plug-in 1.6.0_20 for Mozilla browsers

Application

  • User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.10) Gecko/20100504 Firefox/3.5.10 (.NET CLR 3.5.30729)

More Information

Many user-created extensions, no media player related

TXGuy 87 solutions 861 answers

You do not have the WMP plugin installed in your Firefox so you must be sending that directly to WMP and not playing it in your Firefox browser or you are using your Quicktime plugin to play the file directly in Firefox (assuming Quicktime can play ASX files, as I use another application, and do not use WMP or Quicktime). Are you using the current version of WMP? Is it currently updated thru Windows Update/Microsoft Update? Did you open a Windows media file in your browser with your Quicktime plugin? Are you using the most current version? Have you checked the Quicktime site for updates?

Do you have an AV/AS application installed? If so, you should contact them to report the issue. You should also attempt to report the issue to the webmaster of the site from which you downloaded the file. Firefox is not an AV/AS application and it is up to the user to keep a security program installed and up-to-date for their own protection. Different malware programs detect different malware. Never use more than one Firewall at the same time. Never use more than 1 AV/AS application at the same time. They can interfere with one another and lessen your protection. Disabling a specific file type or types for all users would be ridiculous as most have a security program that will catch such bad items, and would not allow fully-protected users the freedom to use the internet.


Other Issues: You have installed plug-ins with known security issues. You should update them immediately.

Install/Update Adobe Flash Player for Firefox (aka Shockwave Flash): your ver. 10.0 r32; current ver. 10.1 r53 (important security update 2010-06-10; see: http://www.adobe.com/support/security/bulletins/apsb10-14.html)

Check your version here: http://www.mozilla.com/en-US/plugincheck/

See: Updating Flash (http://support.mozilla.com/en-US/kb/Managing+the+Flash+plugin#Updating_Flash)

-use Firefox to download and SAVE to your hard drive (save to Desktop for easy access)
-exit Firefox (File > Exit)
-In Windows, check to see that Firefox is completely closed (Ctrl+Alt+Del, choose Task Manager, click Processes tab, if "firefox.exe" is on the list, right-click "firefox.exe" and choose End process, close the Task Manager window)
-double-click on the Adobe Flash installer you just downloaded to install/update Adobe Flash
-when the Flash installation is complete, start Firefox, and test the Flash installation here: http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_15507&sliceId=1

  • NOTE: On Vista and Windows 7 you may need to run the plugin installer as Administrator by starting the installer via the right-click context menu if you do not get a UAC prompt to ask for permission to continue (i.e. nothing seems to happen). See this: http://vistasupport.mvps.org/run_as_administrator.htm
  • NOTE for IE: Firefox and most other browsers use a Plugin. IE uses an ActiveX version of Flash. To install/update the IE ActiveX Adobe Flash Player, same instructions as above, except use IE to download the ActiveX Flash installer. See: ActiveX
  • Also see: http://kb.mozillazine.org/Flash AND How do I edit options to add Adobe to the list of allowed sites

NOTE: You have 2 plugins for PDF files, Foxit and Adobe Reader (aka Adobe PDF Plug-In For Firefox). You really do not need 2. If you decide to keep Foxit, open it and Help > Check for Updates. If you decide to keep Adobe Reader, follow the instructions below.

You MAY need to Update Adobe Reader for Firefox (aka Adobe PDF Plug-In For Firefox): your ver. (could be a very old version); current ver. 9.3.3 (important security update release 06-29-2010; see: http://www.adobe.com/support/security/bulletins/apsb10-15.html)

Check your version here: http://www.mozilla.com/en-US/plugincheck/

See: http://support.mozilla.com/en-US/kb/Using+the+Adobe+Reader+plugin+with+Firefox#Installing_and_updating_Adobe_Reader

You may be able to update from the Adobe Reader installed on your system instead of going to the Adobe site and downloading. Open the Adobe Reader installed on your system (in Windows, Start > Program Files, find and click Adobe Reader to open), click Help, click Check for Updates.

If you go to the Adobe site to download the current Adobe Reader:

-use Firefox to download and SAVE to your hard drive (save to Desktop for easy access)
-See the images at the bottom left of this post to see the steps to take on the Adobe site
-exit Firefox (File > Exit)
-In Windows: check to see that Firefox is completely closed (Ctrl+Alt+Del, choose Task Manager, click Processes tab, if "firefox.exe" is on the list, right-click "firefox.exe" and choose End process, close the Task Manager window)
-double-click on the Adobe Reader installer you just downloaded to install/update Adobe Reader

  • NOTE: On Vista and Windows 7 you may need to run the plugin installer as Administrator by starting the installer via the right-click context menu if you do not get a UAC prompt to ask for permission to continue (i.e. nothing seems to happen). See this: http://vistasupport.mvps.org/run_as_administrator.htm
  • NOTE for IE: Firefox and most other browsers use a Plugin. IE uses an ActiveX version. To install/update the IE ActiveX version, same instructions as above, except use IE to download the ActiveX installer. See: ActiveX
  • Also see: http://kb.mozillazine.org/Adobe_Reader AND How do I edit options to add Adobe to the list of allowed sites

Question owner

Thanks for your reply, TXGuy, you gave a good explanation, but I would like to share my thoughts why something should be done.

Adobe reader, flash player are widely used software and if something important is going on, everyone knows about it and even Mozilla adds a link "you should upgrade.." on a "firefox updated" page. User may use or may not use media player at all, everyone thinks that if they replaced it with mediaplayer classic or winamp, one can forget about it, but as Petko Petkov wrote 3 years ago ( http://www.gnucitizen.org/blog/backdooring-windows-media-files/ ) it's very serious. I just visited the page http://onlyumpc.com/news/hit-those-hidden-butons-umpc-scrollbar-utility and it activated asf file itself without my clicking or intervening, opened asf with the following contents

.. sorry I could not post the code here (the site doesn't allow possible) so it's in the screenshot...

...and MediaPlayer started using this HTMLView file with possibly its own IE (!) engine installing sys files, making changes to the registry and so on. Tell me it's ok and I start to think that firefox and IE are on par in terms of security (since allowing executing IE code for FF is ok as long as I keep up with ms updates)

By the way, I may be wrong and this software was installed using an old version pdf renderer or an unsecure flash, but just tell me that the thing Petkov describes is no longer a problem in the firefox and I'll be glad. As long as I see from the searches results [firefox HTMLView], nobody thought it was a real problem (CMIIW)

Max
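
A defender-side illustration of the metafile behaviour discussed in the post above (an added example, not part of the original thread and not the file from the screenshot): a tolerant scanner that flags ASX playlists carrying an HTMLView PARAM before they are handed to a media player. The sample files, the `scan_asx` function and the `example.invalid` URLs are constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample metafile (not the file from the thread, which was only
# posted as a screenshot). example.invalid is a placeholder host.
SAMPLE_ASX = """<ASX version="3.0">
  <PARAM NAME="HTMLView" VALUE="http://example.invalid/page.html"/>
  <ENTRY>
    <REF HREF="http://example.invalid/clip.wmv"/>
  </ENTRY>
</ASX>"""

# Constructed playlist that only references a media clip.
BENIGN_ASX = """<asx version="3.0">
  <entry><ref href="http://example.invalid/clip.wmv"/></entry>
</asx>"""


class AsxScanner(HTMLParser):
    """Tolerant ASX reader: element and attribute names are case-insensitive
    in ASX, and HTMLParser lower-cases both before calling the handler."""

    def __init__(self):
        super().__init__()
        self.is_asx = False
        self.findings = []  # (kind, url) tuples in document order

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "asx":
            self.is_asx = True
        elif tag == "param" and a.get("name", "").lower() == "htmlview":
            self.findings.append(("htmlview", a.get("value", "")))
        elif tag == "ref":
            self.findings.append(("ref", a.get("href", "")))


def scan_asx(text):
    """Return a verdict dict for the text of one downloaded metafile."""
    p = AsxScanner()
    p.feed(text)
    p.close()
    html_urls = [u for kind, u in p.findings if kind == "htmlview"]
    return {
        "is_asx": p.is_asx,
        "htmlview_urls": html_urls,
        # Every host the playlist would make the player contact.
        "hosts": sorted({urlparse(u).hostname or "" for _, u in p.findings}),
        # A playlist that asks the player to render a web page is held back.
        "quarantine": p.is_asx and bool(html_urls),
    }


if __name__ == "__main__":
    for name, body in (("sample", SAMPLE_ASX), ("benign", BENIGN_ASX)):
        print(name, scan_asx(body))
```
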

TXGuy 87 solutions 861 answers

Any file, repeat any file, you download is potentially infected regardless of what browser you use. Any web site you visit could potentially download "drive by" malware to your system without action on your part. OSX and Linux users, who always said they were immune to viruses, are now finding that their OSes are not immune to infection and AV/AS companies are beginning to produce applications for those OSes. To OSX and Linux users, I say "Welcome to the world that Windows users have been living in for years." I do not want any government, ISP, browser, etc., restricting my use of the internet. PERIOD! I protect myself!!!!

My only advice is to take every measure you reasonably can to protect yourself. Firewall, AV/AS, one or more routers between your modem/router and your computer, staying away from sites you do not know or trust, etc., etc., etc. Even with all of that, you may still get an infection. The balance is between reasonable protection and free use of the internet, and only you can determine what is best for your own situation.

You did not answer my questions re: firewall, AV/AS application, updated all software, etc. If not, you are wide open to infection. Just as with the versions of Flash Player and Adobe Reader you are using, they have security flaws. It is your responsibility to know what is on your computer, it is your responsibility to keep it current to protect yourself. You must also consider that if you are lax in protecting your system, you can then pass on a piece of malware that might attach to an e-mail that you send to a friend, a family member or a co-worker; so you are hurting them too!!!

No more debating. You got infected, it is not Mozilla/Firefox's fault, you got a bad file. You need to ask yourself and look at your own setup to see if you are doing everything you reasonably can do to protect yourself.

No reply is expected. It is something you must do.
