Ragwing started this topic with a 3 KB zip cleanup tool in March 2009.
I believe that is what Tracy@worldoweb has published.
It appears to me that Languy99 has now published a 40% larger and more comprehensive version via MegaUpload.
The Good :- Congrats on finding and removing additional residues.
The Bad :- Is MegaUpload one of the up to 114,000 sites that have been compromised by a recent SQL injection attack upon sources of adverts ?
http://www.computerworld.com/s/article/9177904/Mass_Web_attack_hits_Wall_Street_Journal_Jerusalem_Post
I have no account so I used the FREE download which made me wait for 45 seconds whilst it displayed adverts;
I waited, but there were no adverts.
After a 45 second countdown the “Regular Download” button was available.
After “due diligence” I clicked “Regular Download” and the Firefox Download manager immediately started to receive what I was waiting for,
and at that very same instant I noticed a new icon appear on the task bar -
another instance of Firefox which was hidden behind the original.
Unwanted pop-ups can be easily seen and avoided.
Launch of a new minimised instance of Firefox that is connected to a Poker gambling site and is connecting/downloading additional stuff from some other site is rather less obvious.
MegaUpload wasted 45 seconds in which they could have shown me adverts,
and then connected me to a Poker gambling site that then connected somewhere else.
A very inefficient way of selling an advert to me.
A very effective way of downloading a bit of unwanted malware at the same time that I am getting the download I wanted.
Within one second I saw the new icon on the task bar, clicked on the icon and saw what it was.
I instantly used the icon context menu to close before it could complete its additional connections.
Had I not observed the icon appear on the taskbar I would not have seen the hidden advert with its extra connections.
Had I been waiting for something far larger than a 4 KB zip download the hidden advert could have completed its extra connections.
I do not trust any unexpected behaviour. When in doubt I assume the worst.
Questions :-
Is there any reason why I should know that the above behaviour is NEVER dangerous ?
Is this MegaUpload site perfectly safe when exhibiting this illogical and apparently dangerous behaviour ?
Am I still safe from clickjacking etc if I click a taskbar icon and use the icon context menu to close the executable, or should I select via Alt Tab and then close with Ctrl’X ?
(I believe clicking within a Firefox page is vulnerable, and possibly the top right corner “close” button might be subverted.)
Alan