
Thread: FIREFOX 3.0.18 - BACKDOOR, TROJAN HORSE?

  1. #1

    FIREFOX 3.0.18 - BACKDOOR, TROJAN HORSE?

    Hello All
    I have a question about Firefox 3.0.18.

    Is it possible that Firefox (downloaded via YaST from the openSUSE repository) has recently been equipped or infected with a BACKDOOR, TROJAN HORSE?????

    Scenario:
    1. As long as I only start up Firefox, everything is OK.
    This seems very logical, because the firewall shuts out all incoming traffic.

    2. As soon as I enter a URL and the internet page starts to appear on screen, the **** happens...
    When receiving a webpage, the firewall allows incoming traffic over the HTTP connection from the webserver BACK into my computer..

    3. Then, within 3-5 minutes, without my having touched the keyboard or mouse, my hard disk starts to get VERY busy.
    It looks like someone is remotely searching my hard disk for something.

    This "very busy harddisk-search behaviour" mysteriously disappears again when I close Firefox!

    Additional Information:
    I use the following firefox-plugins
    - Noscript,1.2.0.4
    - Flashgot,1.9.6.9
    - SEO Doctor 1.0 <- switched off
    - Webdeveloper 1.1.8 <- switched off
    - Java (SE) runtime version, 1.6.09-bo4
    - Java Hotspot client (build 16.2-b04, mixed mode)
    - This is the data from the About Help window in Firefox.
    Mozilla/5.0 (X11; U; Linux i686; nl; rv:1.9.0.18) Gecko/2010020400 SUSE/3.0.18-0.1.1 Firefox/3.0.18.


    What I have done so far myself:
    1. Via YaST -> removed Firefox, rebooted and re-installed Firefox again
    2. Did a rootkit checkup with chkroot -> nothing
    3. Did a full virus scan with ClamAV -> clean

    Note:
    This behaviour does not happen with other browsers (like Konqueror, Opera, Mozilla, Seamonkey)


    Questions:
    1. Who has any suggestions? What can explain this strange Firefox behaviour?

    2. Can this be caused by one of the Firefox plugins?

    3. How can I "monitor" the Firefox application behaviour?
    Is there a way to "look under the hood" to see
    - What Firefox is starting up as child processes?
    - Which activities are being done by which application, task, daemon on my hard drive during this "strange behaviour"?

    Thanks for your tips, hints, and tricks,

    Regards Ronald

  2. #2
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    26,864
    Blog Entries
    15

    Re: FIREFOX 3.0.18 - BACKDOOR, TROJAN HORSE?

    ronaldvermeij wrote:
    > 2. Can this be caused by one of the Firefox plugins?

    Hi
    Probably Beagle running, what add ins do you have? Is the beagle
    application active?

    You can run something like Wireshark to monitor your ethernet traffic,
    the other plugin I use is httpfox which will show you what's happening.

    --
    Cheers Malcolm (Linux Counter #276890)
    SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.27.45-0.1-default
    up 2 days 17:44, 2 users, load average: 1.26, 1.64, 1.13
    GPU GeForce 8600 GTS Silent - CUDA Driver Version: 190.53


  3. #3
    Join Date
    Jun 2008
    Location
    Delta Quadrant
    Posts
    1,442

    Re: FIREFOX 3.0.18 - BACKDOOR, TROJAN HORSE?

    Sounds like beagle.

  4. #4

    Re: FIREFOX 3.0.18 - BACKDOOR, TROJAN HORSE?

    > Probably Beagle running , Is the beagle
    > application active?

    Nope, Beagle has been removed from my system completely.

    @malcolmlewis
    > what add ins do you have?

    What do you mean by "add-ins", malcolmlewis??
    - If you are referring to Firefox browser PLUGINS, I already mentioned that list in my original posting:

    > I use the following firefox-plugins
    > - Noscript,1.2.0.4
    > - Flashgot,1.9.6.9
    > - SEO Doctor 1.0 <- switched off
    > - Webdeveloper 1.1.8 <- switched off
    > - Java (SE) runtime version, 1.6.09-bo4
    > - Java Hotspot client (build 16.2-b04, mixed mode)
    > - This is the data from the About Help window in Firefox.
    > Mozilla/5.0 (X11; U; Linux i686; nl; rv:1.9.0.18) Gecko/2010020400 SUSE/3.0.18-0.1.1 Firefox/3.0.18.

    - If you are referring to something other than Firefox browser plugins, please take the time and effort to point out exactly what you mean by the words "add ins".

    Does anyone else have (non-Beagle-like) suggestions?

  5. #5
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    26,864
    Blog Entries
    15

    Re: FIREFOX 3.0.18 - BACKDOOR, TROJAN HORSE?

    ronaldvermeij wrote:
    > > Probably Beagle running , Is the beagle
    > > application active?
    >
    > Nope Beagle has been removed from my system completely

    Hi
    Yes I meant the beagle add-in. Can you open a terminal and run the top
    command, this should give you an idea of what's occurring on the system.
    Install the httpfox add in and start that to see where the browser is
    going.

    --
    Cheers Malcolm (Linux Counter #276890)
    SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.27.45-0.1-default
    up 1:54, 2 users, load average: 0.03, 0.11, 0.50
    GPU GeForce 8600 GTS Silent - CUDA Driver Version: 195.36.15
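
Added example, not part of any post in this thread: one way to answer the original poster's third question (which process is hitting the disk, and does it belong to the Firefox process tree?) by sampling the Linux `/proc/<pid>/stat` and `/proc/<pid>/io` counters twice. It assumes a kernel that exposes per-process I/O accounting and identifies the browser by a process name starting with `firefox`; both are assumptions, as is the 10-second sampling window.

```python
import os, time

def parse_stat(text):
    """(pid, comm, ppid) from /proc/<pid>/stat; comm may contain spaces or ')'."""
    pid, rest = text.split(" (", 1)
    comm, tail = rest.rsplit(") ", 1)
    return int(pid), comm, int(tail.split()[1])   # tail = "state ppid ..."

def parse_io(text):
    """{counter: value} from /proc/<pid>/io (one 'read_bytes: 4096' per line)."""
    return {k: int(v) for k, v in (l.split(": ") for l in text.splitlines() if l)}

def snapshot(proc="/proc"):
    """{pid: (comm, ppid, read_bytes, write_bytes)} for every readable process."""
    snap = {}
    for name in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{name}/stat") as f:
                pid, comm, ppid = parse_stat(f.read())
            with open(f"{proc}/{name}/io") as f:
                io = parse_io(f.read())
            snap[pid] = (comm, ppid, io["read_bytes"], io["write_bytes"])
        except (OSError, ValueError, KeyError):
            continue   # exited meanwhile, or another user's process (run as root)
    return snap

def descendants(snap, root):
    """root plus every PID whose parent chain leads back to root."""
    found, grew = {root}, True
    while grew:
        new = {p for p, v in snap.items() if v[1] in found} - found
        found, grew = found | new, bool(new)
    return found

def disk_delta(before, after):
    """[(pid, comm, bytes_read, bytes_written)] between snapshots, busiest first."""
    rows = []
    for pid, (comm, _, r, w) in after.items():
        _, _, r0, w0 = before.get(pid, (comm, 0, 0, 0))  # new process: counters began at 0
        rows.append((pid, comm, r - r0, w - w0))
    return sorted(rows, key=lambda x: x[2] + x[3], reverse=True)

if __name__ == "__main__":
    before = snapshot(); time.sleep(10); after = snapshot()
    roots = [p for p, v in after.items() if v[0].startswith("firefox")]
    tree = set().union(*(descendants(after, p) for p in roots))
    for pid, comm, r, w in disk_delta(before, after)[:10]:
        tag = "firefox tree" if pid in tree else ""
        print(f"{pid:>7} {comm:<16} read={r:>12} written={w:>12} {tag}")
```

Run it while the disk is busy: if the top rows are not tagged as part of the Firefox tree, the activity comes from another process that merely coincides with browsing.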


  6. #6
    Join Date
    Dec 2008
    Location
    GMT-7
    Posts
    382

    Re: FIREFOX 3.0.18 - BACKDOOR, TROJAN HORSE?

    > 2. As soon as I enter a URL and the internet page starts to appear on screen, the **** happens...
    > When receiving a webpage, the firewall allows incoming traffic over the HTTP connection from the webserver BACK into my computer..

    I don't think you should panic just yet: a firewall by definition will let port 80 traffic back to your computer if you have established the connection from your end first. Otherwise, you would never receive the web page you requested in the first place.

    The disk drive activity certainly needs explanation (see below), but the network traffic you're seeing I think is normal.

    As for the disk activity - I think this is a FF 3.0 issue: a couple of seconds after it starts, it goes through its local cache and does some form of maintenance which is just stupidly disk-intensive. I noticed a big improvement when I turned off all those RSS feeds (headlines, etc.). I believe there is also a cache setting in Firefox you can tweak.

    I noticed that in the 11.2 distro, which has FF 3.5, not 3.0, this is no longer an issue. You could try to install 3.5 from the mozilla repository.
    Desk: AMD Phenom II X4 945 8GB RAM Radeon HD 3300 Arch Linux Xfce 4.8
    Lap: Intel 2.13GHz Core i3 M330 8GB RAM nVidia GeForce 310M Arch Linux KDE 4.7.3

  7. #7

    Re: FIREFOX 3.0.18 - BACKDOOR, TROJAN HORSE?

    malcolmlewis wrote:
    > Yes I mean the beagle add-in. Can you open a terminal and run the top command, this should give you an idea of whats occurring on the system.
    >
    > Install the httpfox add in and start that to see where the browser is going.

    Hello malcolmlewis,
    1. As I wrote in my previous postings.... I do not have any beagle or beagle "add-in" installed on my system.

    2. Thanks for the "http-fox" add-in tip.
    That is truly a nice piece of software, which lets you see all the "invisible things" during surfing.

    I'll keep you updated on the results, malcolmlewis.

  8. #8

    Re: FIREFOX 3.0.18 - BACKDOOR, TROJAN HORSE?

    twelveeighty wrote:
    > I don't think you should panic just yet: a firewall by definition will let port 80 traffic back to your computer if you have established the connection from your end first. Otherwise, you would never receive the web page you requested in the first place.

    Roger that sir! This is what I understood already myself :-).

    > As for the disk activity - I think this is a FF 3.0 issue: a couple of seconds after it starts, it goes through its local cache and does some form of maintenance which is just stupidly disk-intensive.

    Could be true..
    I empty all the Firefox caches before closing the application. I see a dialog box that asks me this manually....
    So - imo - there is no "local cache" anymore after having closed down the Firefox application completely.

    > I noticed a big improvement when I turned off all those RSS feeds (headlines, etc.). I believe there is also a cache setting in Firefox you can tweak.

    I did not use these features in the first place.

    > I noticed that in the 11.2 distro, which has FF 3.5, not 3.0, this is no longer an issue. You could try to install 3.5 from the mozilla repository.

    Thanks for this advice, twelveeighty.
    I have added the mozilla repository to YaST.
    I have installed the "new Firefox" version:
    Mozilla/5.0 (X11; U; Linux i686; nl; rv:1.9.1.9) Gecko/20100317 SUSE/3.5.9-0.1.1 Firefox/3.5.9

    I will keep you updated on further results.

  9. #9

    Re: FIREFOX 3.0.18 - BACKDOOR, TROJAN HORSE?

    Hello ronaldvermeij-

    Are you running a 32bit CPU? The '686' version of Firefox is intended for a 32bit machine, while the 'x86_64' version is used on 64bit CPU systems. The 686 version will run, in 32bit mode however, but this may be responsible for some of your disk access problems.

    Unless you have a specific reason to run the 686 version, I would advise that you get the 64bit versions of all software for performance and overhead issues, provided you have a 64bit CPU. You will see a marked increase in performance.

    pm..

  10. #10
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Re: FIREFOX 3.0.18 - BACKDOOR, TROJAN HORSE?

    patmartini wrote:
    > You will see a marked increase in performance.


    really? have you actually done side by side, controlled, timed test of
    which programs and processes?

    define "marked increase" please.....does 64 take (say) 30% less time
    to compile a kernel than does 32, or what?

    i ask because i know that SOME things done in 64 will be slower than
    when done in 32 because the extra bit length addresses take longer to
    process while there is zero speed advantage to using 64 because of the
    way the program is written--so, it is slower..

    --
    DenverD (Linux Counter 282315)
    CAVEAT: http://is.gd/bpoMD
    posted via NNTP w/TBird 2.0.0.23 | KDE 3.5.7 | openSUSE 10.3
    2.6.22.19-0.4-default SMP i686
    AMD Athlon 1 GB RAM | GeForce FX 5500 | ASRock K8Upgrade-760GX |
    CMedia 9761 AC'97 Audio
