Announcement

Announcement Module
Collapse
No announcement yet.

SWF Injected on Pages from IOBit Toolbar? [Wrong interpretation]

Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • SWF Injected on Pages from IOBit Toolbar? [Wrong interpretation]

    I just had the IOBit toolbar added to firefox somehow. I was going to disable it but started my dayhow and was going to remove it later.

    I went to a page which had a password field on it and I noticed a small flashblock icon on it. Since I wrote the page I noticed something was amiss. I investigated with Firebug and sure enough, it looks like some program was injecting flash into my page. I tried some other pages and it appears to be injecting onto pages that have passwords fields. This raised the hair on the back of my kneck.

    The URL that the macromedia was getting is "http://d3lvr7yuk4uaui.cloudfront.net/items/e6a00/storage.swf". Fortunately, flashblock was running and was showing me an icon.

    I have no idea what this flash does but am way more concerned with whatever program was injecting it into my pages dymanically.

    I went ahead and un-installed the IO Bit toolbar from Firefox and presto it went away.

    I wish I had just disabled though as I now cannot find the installer for the toolbar to re-test this.

    Question: Why would IOBit toolbar be related to swf injections into password pages?


    Note, flashblock wraps the swf. There is _GPL_e6a00_div containing the swf is clearly injected by the script and not flashblock. This source did not come down from the source page but was injected dynamically.

  • #2
    Hi,

    I registered just so I could answer you. Today while updating a page for a client I noticed a strange gap below the footer. After investigating it showed exactly what you describe, a div containing a flash object pointing to the same url. I wasted a whole morning trying to figure out where it came from.
    Your post helped by pointing me in the direction of a firefox add-on.
    After disabling them one by one I found it was the Google+tweet add-on (installed via crossrider dot com).
    So I removed that and changed all my important passwords. I just wanted to let you know, partly to thank you and partly so maybe you can double check your addons since it seems strange that we both have the same problem with different addons?

    Comment


    • #3
      Hi TheDude2012!

      Question: Why would IOBit toolbar be related to swf injections into password pages?
      I just had the IOBit toolbar added to firefox somehow.
      I wish I had just disabled though as I now cannot find the installer for the toolbar to re-test this.
      Iobit toolbar is only offered upon install. You will have to re-install the Iobit App to get the toolbar back if you want to test.


      Sincerely,
      -Mel
      Live long and prosper!
      Last edited by Melvin_Deal; Jan. 21st, 2012, 00:42.


      Comment


      • #4
        Thanks Mel,

        I actually installed the toolbar again and it looked completely different. It appears that some other rogue app installed a toolbar that spoofed itself as an IOBit toolbar.

        Unfortunately, I could not dig up any history in windows or firefox showing what triggered the install.

        Very fishy and something keeping an eye out for.

        Cheers
        - JsD

        Comment


        • #5
          Google+Tweet (crossrider) is doing bad stuff

          @EvertVd - I tried that Google+Tweet toolbar and for sure it added the same flash. It appears that either (a) crossrider dot com had its site hacked or (b) crossrider dot com is writing nasty stuff.

          It does appear that (b) is the case as is shown http://securitywatch.eweek.com/socia...l_malware.html

          Thanks for your post!

          Comment


          • #6
            I just noticed that the toolbar is back again. This time it installed but it was disabled by default. I enabled the IOBit toolbar (v4.9) and sure enough, the rogue flash re-appeared. When I disable the Toolbar, the flash goes away.

            See the attached screenshot including toolbar and rogue flash (displayed with flashblock icon)

            This appeared after I rebooted my computer and I noticed an error in my system icons in Windows 7. See attached picture.

            I also found that two files were added to my Firefox addon at exactly the moment I saw the warning from Windows 7 (mybrowserbar_addon_entries.jpg).

            I will try to track down the add-on and submit in another post in the form of a zip....
            Attached Files

            Comment


            • #7
              Issue Closed - Is the IOBit Toolbar (by spigot)

              I have found that the IOBit toolbar being installed is the one that comes from http://iobit.mybrowserbar.com/ so this is definitely branded as an IOBit toolbar

              I have no idea how this got installed on my PC but it auto injects the toolbar into firefox at computer startup. It is that toolbar which is injecting the swf into the web pages.

              It may be worth while to investigate why this toolbar is doing such page alterations with such an suspect swf injection.

              I appreciate any information you can supply.

              For now, I have un-installed the IOBit toolbar installer by spigot.

              Comment


              • #8
                Hi TheDude2012!

                The link you have posted will take you directly to a screenshot on the Iobit Forum:shock:, It is only a link to your screenshot!!... It is not reflective of anything.

                Toolbars are useless!! IN my opinion... never install them by any software publisher!

                Most all add on toolbars are useless and compromise your system one way or the other... All you have to do is customize your Desktop, taskbar and FireFox anyway... why add a toolbar and another service on your system???? Not to mention that they are notorius for spying! It is a common revenue generator for software providers to add toolbars their applications (on install) to gain revenues. It doesn't mean that you should allow them just because the question pops up in the install. you must read carefully upon the install of every software and accept only the parts that you want!!!

                The toolbar should be uninstalled.

                <hr style="color: rgb(209, 209, 225);" size="1">
                If you need help removing it let me know.




                Sincerely,
                -Mel
                Live long and prosper!
                Last edited by Melvin_Deal; Feb. 1st, 2012, 05:03.


                Comment

                Working...
                X