Home > Computer Security > Late Night Computer Security: Half asleep at the keyboard

Late Night Computer Security: Half asleep at the keyboard

I was up until 3:30am this morning researching something on the Internet and then all of a sudden, my desktop firewall pops-up a message asking me if I want to allow an unfamiliar “.exe” file to access the Internet.  My firewall is setup, so that anytime an executable that I haven’t marked as safe wants to access the Internet, it prompts me if I want to let it out. “Oh great,” I thought to myself, “I must have been hit by some type of zero-day exploit.” I click the disallow button and right after I click the button I think, “Wait. What was the name of that executable again?” Doh!

So then I’m sitting there thinking to myself, half-awake, that it really doesn’t matter if I go back to that Website, because at this point, I’m just going to save this VMware image for analysis.  I go back to the Website, click on link and sure enough, I get the firewall prompt again. The file is named plugin-container.exe. “What the heck is this?” I think. A quick Google check and yes, you probably already know this – it’s a Firefox process that runs your plug-ins under a separate process.

I recall reading headlines over the past week that Firefox has a new crash protection feature, but I didn’t realize this was it.  The crash feature is mentioned in the release notes and on Mozilla’s blog, but there is no mention that this feature spawns a new process named plugin-container.exe. Lame.

I hate when stuff like this happens, but I guess it’s to be expected when I’m half asleep at the keyboard.

  1. June 28, 2010 at 5:47 pm

    I actually had a similar thing happen to me late one night. I was analyzing a fresh packet capture in Netwitness Investigator and several warning messages came up. Suspicious .EXE, and suspicious communication type alarms.

    I thought I somehow got infected. It was great though, because Netwitness captured everything. As I analyzed the data, I realized that I wasn’t infected, I had just captured my Anti-Virus doing a product update. Lol….

    • June 28, 2010 at 8:58 pm

      That’s funny! Thanks for sharing your story.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: